Overview

overview

10

Static

static

3

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Analysis

  • max time kernel
    81s
  • max time network
    181s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    18-04-2024 22:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1351d42fa1dd756c95eb9b787e8d48b2c100721b5b3a7a7056b7292ffb3fb484.exe

  • Size

    2.9MB

  • MD5

    433b486eb9bc49054b16c3c2baa7e193

  • SHA1

    11a8f9743118d1360e46b514164595019a846415

  • SHA256

    1351d42fa1dd756c95eb9b787e8d48b2c100721b5b3a7a7056b7292ffb3fb484

  • SHA512

    ef4ad879399a7ed9548c0c952b0b492a31111e432274edaa98aa4be7886ac55c7590aadf98b08052ba131a823ffa0eaadbdd592a0ed177e15326e63486f0c794

  • SSDEEP

    49152:drUf3japltWxLT5WAMU/2qLWwS7P5J4zPZser8ewH:drOGPt8LT5WPU/2qLWw4hJ4zPZsxewH

Score
10/10
amadeylummaredlineriseprostealczgrat@oleh_psplivetrafficdiscoveryevasioninfostealerpersistenceratspywarestealertrojan

Malware Config

Extracted

Family

amadey

Version

4.18

C2

http://193.233.132.56

Attributes
  • install_dir

    09fd851a4f

  • install_file

    explorha.exe

  • strings_key

    443351145ece4966ded809641c77cfa8

  • url_paths

    /Pneh2sXQk0/index.php

rc4.plain

Extracted

Family

amadey

Version

4.17

C2

http://193.233.132.167

Attributes
  • install_dir

    4d0ab15804

  • install_file

    chrosha.exe

  • strings_key

    1a9519d7b465e1f4880fa09a6162d768

  • url_paths

    /enigma/index.php

rc4.plain

Extracted

Family

risepro

C2

147.45.47.93:58709

Extracted

Family

redline

Botnet

@OLEH_PSP

C2

185.172.128.33:8970

Extracted

Family

redline

Botnet

LiveTraffic

C2

4.184.225.183:30592

Extracted

Family

stealc

C2

http://52.143.157.84

Attributes
  • url_path

    /c73eed764cc59dcb.php

Extracted

Family

lumma

C2

https://affordcharmcropwo.shop/api

https://cleartotalfisherwo.shop/api

https://worryfillvolcawoi.shop/api

https://enthusiasimtitleow.shop/api

https://dismissalcylinderhostw.shop/api

https://diskretainvigorousiw.shop/api

https://communicationgenerwo.shop/api

https://pillowbrocccolipe.shop/api

Signatures

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey
  • Detect ZGRat V1 1 IoCs
  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

    stealerlumma
  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 4 IoCs
  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro
  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc
  • UAC bypass 3 TTPs 2 IoCs
    evasiontrojan
  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 8 IoCs
    evasion
  • Blocklisted process makes network request 4 IoCs
  • Creates new service(s) 1 TTPs
    persistence
  • Downloads MZ/PE file
  • Stops running service(s) 3 TTPs
    evasion
  • Checks BIOS information in registry 2 TTPs 16 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE 37 IoCs
  • Identifies Wine through registry keys 2 TTPs 8 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • Loads dropped DLL 13 IoCs
  • Reads WinSCP keys stored on the system 2 TTPs

    Tries to access WinSCP stored sessions.

    spywarestealer
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer
  • Reads local data of messenger clients 2 TTPs

    Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    spywarestealer
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks whether UAC is enabled 1 TTPs 4 IoCs
    evasiontrojan
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • Looks up external IP address via web service 9 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 8 IoCs
  • Suspicious use of SetThreadContext 9 IoCs
  • Drops file in Windows directory 2 IoCs
  • Launches sc.exe 9 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 2 IoCs
  • Checks SCSI registry key(s) 3 TTPs 6 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Creates scheduled task(s) 1 TTPs 3 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies system certificate store 2 TTPs 2 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\1351d42fa1dd756c95eb9b787e8d48b2c100721b5b3a7a7056b7292ffb3fb484.exe
    "C:\Users\Admin\AppData\Local\Temp\1351d42fa1dd756c95eb9b787e8d48b2c100721b5b3a7a7056b7292ffb3fb484.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Identifies Wine through registry keys
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4144
    • C:\Users\Admin\AppData\Local\Temp\09fd851a4f\explorha.exe
      "C:\Users\Admin\AppData\Local\Temp\09fd851a4f\explorha.exe"
      2⤵
      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
      • Checks BIOS information in registry
      • Executes dropped EXE
      • Identifies Wine through registry keys
      • Adds Run key to start application
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious use of SetThreadContext
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:3872
      • C:\Users\Admin\AppData\Local\Temp\1000054001\amert.exe
        "C:\Users\Admin\AppData\Local\Temp\1000054001\amert.exe"
        3⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Executes dropped EXE
        • Identifies Wine through registry keys
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        PID:2568
      • C:\Users\Admin\AppData\Local\Temp\1000055001\9e758d26ed.exe
        "C:\Users\Admin\AppData\Local\Temp\1000055001\9e758d26ed.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:2572
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/account
          4⤵
          • Enumerates system info in registry
          • Modifies data under HKEY_USERS
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of WriteProcessMemory
          PID:2596
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffcb6319758,0x7ffcb6319768,0x7ffcb6319778
            5⤵
              PID:3008
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1528 --field-trial-handle=1788,i,12342191187631464460,3288468944364913316,131072 /prefetch:2
              5⤵
                PID:1812
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1844 --field-trial-handle=1788,i,12342191187631464460,3288468944364913316,131072 /prefetch:8
                5⤵
                  PID:2648
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1584 --field-trial-handle=1788,i,12342191187631464460,3288468944364913316,131072 /prefetch:8
                  5⤵
                    PID:3056
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2856 --field-trial-handle=1788,i,12342191187631464460,3288468944364913316,131072 /prefetch:1
                    5⤵
                      PID:1776
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2864 --field-trial-handle=1788,i,12342191187631464460,3288468944364913316,131072 /prefetch:1
                      5⤵
                        PID:860
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4448 --field-trial-handle=1788,i,12342191187631464460,3288468944364913316,131072 /prefetch:1
                        5⤵
                          PID:4248
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4780 --field-trial-handle=1788,i,12342191187631464460,3288468944364913316,131072 /prefetch:8
                          5⤵
                            PID:424
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4844 --field-trial-handle=1788,i,12342191187631464460,3288468944364913316,131072 /prefetch:8
                            5⤵
                              PID:2348
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4784 --field-trial-handle=1788,i,12342191187631464460,3288468944364913316,131072 /prefetch:8
                              5⤵
                                PID:2352
                          • C:\Users\Admin\AppData\Local\Temp\1000056001\887c48bd6d.exe
                            "C:\Users\Admin\AppData\Local\Temp\1000056001\887c48bd6d.exe"
                            3⤵
                            • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                            • Checks BIOS information in registry
                            • Executes dropped EXE
                            • Identifies Wine through registry keys
                            • Suspicious use of NtSetInformationThreadHideFromDebugger
                            • Suspicious behavior: EnumeratesProcesses
                            PID:2816
                          • C:\Users\Admin\AppData\Local\Temp\09fd851a4f\explorha.exe
                            "C:\Users\Admin\AppData\Local\Temp\09fd851a4f\explorha.exe"
                            3⤵
                            • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                            • Checks BIOS information in registry
                            • Executes dropped EXE
                            • Identifies Wine through registry keys
                            • Suspicious use of NtSetInformationThreadHideFromDebugger
                            • Suspicious behavior: EnumeratesProcesses
                            PID:2968
                          • C:\Windows\SysWOW64\rundll32.exe
                            "C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\a091ec0a6e2227\cred64.dll, Main
                            3⤵
                            • Loads dropped DLL
                            PID:1364
                            • C:\Windows\system32\rundll32.exe
                              "C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\a091ec0a6e2227\cred64.dll, Main
                              4⤵
                              • Blocklisted process makes network request
                              • Loads dropped DLL
                              • Suspicious behavior: EnumeratesProcesses
                              PID:4480
                              • C:\Windows\system32\netsh.exe
                                netsh wlan show profiles
                                5⤵
                                  PID:1584
                                • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                  powershell -Command Compress-Archive -Path 'C:\Users\Admin\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\Admin\AppData\Local\Temp\106386276412_Desktop.zip' -CompressionLevel Optimal
                                  5⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  • Suspicious use of AdjustPrivilegeToken
                                  PID:1928
                            • C:\Windows\SysWOW64\rundll32.exe
                              "C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\a091ec0a6e2227\clip64.dll, Main
                              3⤵
                              • Blocklisted process makes network request
                              • Loads dropped DLL
                              PID:2876
                        • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                          "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                          1⤵
                            PID:4480
                          • C:\Users\Admin\AppData\Local\Temp\09fd851a4f\explorha.exe
                            C:\Users\Admin\AppData\Local\Temp\09fd851a4f\explorha.exe
                            1⤵
                            • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                            • Checks BIOS information in registry
                            • Executes dropped EXE
                            • Identifies Wine through registry keys
                            • Suspicious use of NtSetInformationThreadHideFromDebugger
                            • Suspicious behavior: EnumeratesProcesses
                            PID:4388
                          • C:\Users\Admin\AppData\Local\Temp\4d0ab15804\chrosha.exe
                            C:\Users\Admin\AppData\Local\Temp\4d0ab15804\chrosha.exe
                            1⤵
                            • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                            • Checks BIOS information in registry
                            • Executes dropped EXE
                            • Identifies Wine through registry keys
                            • Suspicious use of NtSetInformationThreadHideFromDebugger
                            • Suspicious use of SetThreadContext
                            • Suspicious behavior: EnumeratesProcesses
                            PID:3636
                            • C:\Users\Admin\AppData\Local\Temp\1000147001\swiiiii.exe
                              "C:\Users\Admin\AppData\Local\Temp\1000147001\swiiiii.exe"
                              2⤵
                              • Executes dropped EXE
                              • Suspicious use of SetThreadContext
                              PID:420
                              • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                3⤵
                                  PID:236
                                • C:\Windows\SysWOW64\WerFault.exe
                                  C:\Windows\SysWOW64\WerFault.exe -u -p 420 -s 832
                                  3⤵
                                  • Program crash
                                  PID:836
                              • C:\Users\Admin\AppData\Local\Temp\1000148001\alexxxxxxxx.exe
                                "C:\Users\Admin\AppData\Local\Temp\1000148001\alexxxxxxxx.exe"
                                2⤵
                                • Executes dropped EXE
                                • Suspicious use of SetThreadContext
                                PID:192
                                • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                  3⤵
                                    PID:316
                                    • C:\Users\Admin\AppData\Roaming\configurationValue\propro.exe
                                      "C:\Users\Admin\AppData\Roaming\configurationValue\propro.exe"
                                      4⤵
                                      • Executes dropped EXE
                                      • Modifies system certificate store
                                      PID:2712
                                    • C:\Users\Admin\AppData\Roaming\configurationValue\Traffic.exe
                                      "C:\Users\Admin\AppData\Roaming\configurationValue\Traffic.exe"
                                      4⤵
                                      • Executes dropped EXE
                                      • Suspicious behavior: EnumeratesProcesses
                                      PID:4820
                                    • C:\Windows\SysWOW64\cmd.exe
                                      "C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "RegAsm.exe"
                                      4⤵
                                        PID:6684
                                        • C:\Windows\SysWOW64\choice.exe
                                          choice /C Y /N /D Y /T 3
                                          5⤵
                                            PID:2480
                                    • C:\Users\Admin\AppData\Local\Temp\1000149001\gold.exe
                                      "C:\Users\Admin\AppData\Local\Temp\1000149001\gold.exe"
                                      2⤵
                                      • Executes dropped EXE
                                      • Suspicious use of SetThreadContext
                                      PID:220
                                      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                        3⤵
                                        • Suspicious behavior: EnumeratesProcesses
                                        PID:2536
                                    • C:\Users\Admin\AppData\Local\Temp\1000150001\NewB.exe
                                      "C:\Users\Admin\AppData\Local\Temp\1000150001\NewB.exe"
                                      2⤵
                                      • Executes dropped EXE
                                      PID:5304
                                      • C:\Windows\SysWOW64\schtasks.exe
                                        "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN NewB.exe /TR "C:\Users\Admin\AppData\Local\Temp\1000150001\NewB.exe" /F
                                        3⤵
                                        • Creates scheduled task(s)
                                        PID:5360
                                      • C:\Users\Admin\AppData\Local\Temp\1000193001\ISetup8.exe
                                        "C:\Users\Admin\AppData\Local\Temp\1000193001\ISetup8.exe"
                                        3⤵
                                        • Executes dropped EXE
                                        PID:5472
                                        • C:\Users\Admin\AppData\Local\Temp\u480.0.exe
                                          "C:\Users\Admin\AppData\Local\Temp\u480.0.exe"
                                          4⤵
                                          • Executes dropped EXE
                                          PID:5584
                                        • C:\Users\Admin\AppData\Local\Temp\Qg_Appv5.exe
                                          "C:\Users\Admin\AppData\Local\Temp\Qg_Appv5.exe"
                                          4⤵
                                          • Executes dropped EXE
                                          • Suspicious use of SetWindowsHookEx
                                          PID:2644
                                          • C:\Users\Admin\AppData\Local\Temp\Zqicom_beta\UniversalInstaller.exe
                                            C:\Users\Admin\AppData\Local\Temp\Zqicom_beta\UniversalInstaller.exe
                                            5⤵
                                            • Executes dropped EXE
                                            • Loads dropped DLL
                                            • Suspicious use of SetWindowsHookEx
                                            PID:1212
                                            • C:\Users\Admin\AppData\Roaming\Zqicom_beta\UniversalInstaller.exe
                                              C:\Users\Admin\AppData\Roaming\Zqicom_beta\UniversalInstaller.exe
                                              6⤵
                                              • Executes dropped EXE
                                              • Loads dropped DLL
                                              • Suspicious use of SetWindowsHookEx
                                              PID:4960
                                              • C:\Windows\SysWOW64\cmd.exe
                                                C:\Windows\SysWOW64\cmd.exe
                                                7⤵
                                                  PID:1988
                                                  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                    C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                    8⤵
                                                      PID:7164
                                            • C:\Users\Admin\AppData\Local\Temp\u480.1.exe
                                              "C:\Users\Admin\AppData\Local\Temp\u480.1.exe"
                                              4⤵
                                              • Executes dropped EXE
                                              • Checks SCSI registry key(s)
                                              • Suspicious use of FindShellTrayWindow
                                              • Suspicious use of SendNotifyMessage
                                              PID:5452
                                          • C:\Users\Admin\AppData\Local\Temp\1000194001\toolspub1.exe
                                            "C:\Users\Admin\AppData\Local\Temp\1000194001\toolspub1.exe"
                                            3⤵
                                            • Executes dropped EXE
                                            • Checks SCSI registry key(s)
                                            PID:2636
                                            • C:\Windows\SysWOW64\WerFault.exe
                                              C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 516
                                              4⤵
                                              • Program crash
                                              PID:5268
                                          • C:\Users\Admin\AppData\Local\Temp\1000195001\4767d2e713f2021e8fe856e3ea638b58.exe
                                            "C:\Users\Admin\AppData\Local\Temp\1000195001\4767d2e713f2021e8fe856e3ea638b58.exe"
                                            3⤵
                                            • Executes dropped EXE
                                            PID:5460
                                            • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                              powershell -nologo -noprofile
                                              4⤵
                                                PID:6180
                                            • C:\Users\Admin\AppData\Local\Temp\1000196001\FirstZ.exe
                                              "C:\Users\Admin\AppData\Local\Temp\1000196001\FirstZ.exe"
                                              3⤵
                                              • Executes dropped EXE
                                              PID:3848
                                              • C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
                                                C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
                                                4⤵
                                                  PID:6792
                                                • C:\Windows\system32\cmd.exe
                                                  C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
                                                  4⤵
                                                    PID:5516
                                                    • C:\Windows\system32\wusa.exe
                                                      wusa /uninstall /kb:890830 /quiet /norestart
                                                      5⤵
                                                        PID:6112
                                                    • C:\Windows\system32\sc.exe
                                                      C:\Windows\system32\sc.exe stop UsoSvc
                                                      4⤵
                                                      • Launches sc.exe
                                                      PID:7096
                                                    • C:\Windows\system32\sc.exe
                                                      C:\Windows\system32\sc.exe stop WaaSMedicSvc
                                                      4⤵
                                                      • Launches sc.exe
                                                      PID:3084
                                                    • C:\Windows\system32\sc.exe
                                                      C:\Windows\system32\sc.exe stop wuauserv
                                                      4⤵
                                                      • Launches sc.exe
                                                      PID:2888
                                                    • C:\Windows\system32\sc.exe
                                                      C:\Windows\system32\sc.exe stop bits
                                                      4⤵
                                                      • Launches sc.exe
                                                      PID:652
                                                    • C:\Windows\system32\sc.exe
                                                      C:\Windows\system32\sc.exe stop dosvc
                                                      4⤵
                                                      • Launches sc.exe
                                                      PID:5472
                                                    • C:\Windows\system32\powercfg.exe
                                                      C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
                                                      4⤵
                                                        PID:7120
                                                      • C:\Windows\system32\powercfg.exe
                                                        C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
                                                        4⤵
                                                          PID:5376
                                                        • C:\Windows\system32\powercfg.exe
                                                          C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
                                                          4⤵
                                                            PID:7048
                                                          • C:\Windows\system32\powercfg.exe
                                                            C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
                                                            4⤵
                                                              PID:224
                                                            • C:\Windows\system32\sc.exe
                                                              C:\Windows\system32\sc.exe delete "WSNKISKT"
                                                              4⤵
                                                              • Launches sc.exe
                                                              PID:6500
                                                            • C:\Windows\system32\sc.exe
                                                              C:\Windows\system32\sc.exe create "WSNKISKT" binpath= "C:\ProgramData\wikombernizc\reakuqnanrkn.exe" start= "auto"
                                                              4⤵
                                                              • Launches sc.exe
                                                              PID:6352
                                                            • C:\Windows\system32\sc.exe
                                                              C:\Windows\system32\sc.exe stop eventlog
                                                              4⤵
                                                              • Launches sc.exe
                                                              PID:4148
                                                            • C:\Windows\system32\sc.exe
                                                              C:\Windows\system32\sc.exe start "WSNKISKT"
                                                              4⤵
                                                              • Launches sc.exe
                                                              PID:6636
                                                          • C:\Users\Admin\AppData\Local\Temp\1000198001\Uni400uni.exe
                                                            "C:\Users\Admin\AppData\Local\Temp\1000198001\Uni400uni.exe"
                                                            3⤵
                                                            • UAC bypass
                                                            • Executes dropped EXE
                                                            • Checks whether UAC is enabled
                                                            • Suspicious use of SetThreadContext
                                                            • System policy modification
                                                            PID:6024
                                                            • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                              "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp\1000198001\Uni400uni.exe" -Force
                                                              4⤵
                                                                PID:3440
                                                              • C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe
                                                                "C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe"
                                                                4⤵
                                                                  PID:6092
                                                                  • C:\Users\Admin\Pictures\6L25L2qcia1XqMVwTklb6y0v.exe
                                                                    "C:\Users\Admin\Pictures\6L25L2qcia1XqMVwTklb6y0v.exe"
                                                                    5⤵
                                                                    • Executes dropped EXE
                                                                    PID:4996
                                                                    • C:\Users\Admin\AppData\Local\Temp\u3us.0.exe
                                                                      "C:\Users\Admin\AppData\Local\Temp\u3us.0.exe"
                                                                      6⤵
                                                                        PID:6412
                                                                      • C:\Users\Admin\AppData\Local\Temp\Qg_Appv5.exe
                                                                        "C:\Users\Admin\AppData\Local\Temp\Qg_Appv5.exe"
                                                                        6⤵
                                                                          PID:5244
                                                                          • C:\Users\Admin\AppData\Local\Temp\Zqicom_beta\UniversalInstaller.exe
                                                                            C:\Users\Admin\AppData\Local\Temp\Zqicom_beta\UniversalInstaller.exe
                                                                            7⤵
                                                                              PID:1292
                                                                          • C:\Users\Admin\AppData\Local\Temp\u3us.1.exe
                                                                            "C:\Users\Admin\AppData\Local\Temp\u3us.1.exe"
                                                                            6⤵
                                                                              PID:5868
                                                                          • C:\Users\Admin\Pictures\TQ0cCu0MTMeYdDLpAs8jCbRO.exe
                                                                            "C:\Users\Admin\Pictures\TQ0cCu0MTMeYdDLpAs8jCbRO.exe"
                                                                            5⤵
                                                                            • Executes dropped EXE
                                                                            PID:5084
                                                                          • C:\Users\Admin\Pictures\egDpEbNvHiOnnqAF3de66ECF.exe
                                                                            "C:\Users\Admin\Pictures\egDpEbNvHiOnnqAF3de66ECF.exe"
                                                                            5⤵
                                                                            • Executes dropped EXE
                                                                            PID:408
                                                                          • C:\Users\Admin\Pictures\Cv3oTFJiOF9b7kUj7XAa7LWN.exe
                                                                            "C:\Users\Admin\Pictures\Cv3oTFJiOF9b7kUj7XAa7LWN.exe"
                                                                            5⤵
                                                                            • Executes dropped EXE
                                                                            PID:4168
                                                                          • C:\Users\Admin\Pictures\RllzKEXIa1k3SlWC6PYaO3ZR.exe
                                                                            "C:\Users\Admin\Pictures\RllzKEXIa1k3SlWC6PYaO3ZR.exe" --silent --allusers=0
                                                                            5⤵
                                                                              PID:3992
                                                                              • C:\Users\Admin\Pictures\RllzKEXIa1k3SlWC6PYaO3ZR.exe
                                                                                C:\Users\Admin\Pictures\RllzKEXIa1k3SlWC6PYaO3ZR.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=109.0.5097.45 --initial-client-data=0x2a0,0x2a4,0x2a8,0x27c,0x2ac,0x6a84e1d0,0x6a84e1dc,0x6a84e1e8
                                                                                6⤵
                                                                                  PID:6212
                                                                                • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\RllzKEXIa1k3SlWC6PYaO3ZR.exe
                                                                                  "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\RllzKEXIa1k3SlWC6PYaO3ZR.exe" --version
                                                                                  6⤵
                                                                                    PID:6452
                                                                                  • C:\Users\Admin\Pictures\RllzKEXIa1k3SlWC6PYaO3ZR.exe
                                                                                    "C:\Users\Admin\Pictures\RllzKEXIa1k3SlWC6PYaO3ZR.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=3992 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20240418222338" --session-guid=80c567ca-91ec-448c-bc6a-20db9408ff99 --server-tracking-blob="NWEwZDE1MTY2NDBmZGNlY2U0ZmU2ZGE3OWMyNGViZTJkNTYwMzZjZDQyNmI5NDIyNmY3ZDkyNzI4ODk3NDAxNzp7ImNvdW50cnkiOiJHQiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cy8/dXRtX21lZGl1bT1hcGImdXRtX3NvdXJjZT1ta3QmdXRtX2NhbXBhaWduPTc2N19fMTIzIiwic3lzdGVtIjp7InBsYXRmb3JtIjp7ImFyY2giOiJ4ODZfNjQiLCJvcHN5cyI6IldpbmRvd3MiLCJvcHN5cy12ZXJzaW9uIjoiMTAiLCJwYWNrYWdlIjoiRVhFIn19LCJ0aW1lc3RhbXAiOiIxNzEzNDc5MDEzLjYzNDMiLCJ1dG0iOnsiY2FtcGFpZ24iOiI3NjdfXzEyMyIsIm1lZGl1bSI6ImFwYiIsInNvdXJjZSI6Im1rdCJ9LCJ1dWlkIjoiOTE4MDFmNDEtNjg4OC00NWY5LWE2NjgtN2RkOGJjMTY0MWRmIn0= " --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=4C04000000000000
                                                                                    6⤵
                                                                                      PID:6552
                                                                                      • C:\Users\Admin\Pictures\RllzKEXIa1k3SlWC6PYaO3ZR.exe
                                                                                        C:\Users\Admin\Pictures\RllzKEXIa1k3SlWC6PYaO3ZR.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=109.0.5097.45 --initial-client-data=0x2b0,0x2b4,0x2b8,0x280,0x2bc,0x69ece1d0,0x69ece1dc,0x69ece1e8
                                                                                        7⤵
                                                                                          PID:6612
                                                                                      • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404182223381\assistant\Assistant_109.0.5097.45_Setup.exe_sfx.exe
                                                                                        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404182223381\assistant\Assistant_109.0.5097.45_Setup.exe_sfx.exe"
                                                                                        6⤵
                                                                                          PID:5588
                                                                                        • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404182223381\assistant\assistant_installer.exe
                                                                                          "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404182223381\assistant\assistant_installer.exe" --version
                                                                                          6⤵
                                                                                            PID:5612
                                                                                            • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404182223381\assistant\assistant_installer.exe
                                                                                              "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404182223381\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=109.0.5097.45 --initial-client-data=0x230,0x234,0x238,0x20c,0x23c,0x206038,0x206044,0x206050
                                                                                              7⤵
                                                                                                PID:652
                                                                                          • C:\Users\Admin\Pictures\jDHsHSUnv38oNgVASzsWitip.exe
                                                                                            "C:\Users\Admin\Pictures\jDHsHSUnv38oNgVASzsWitip.exe"
                                                                                            5⤵
                                                                                              PID:7128
                                                                                              • C:\Users\Admin\AppData\Local\Temp\7zSBC85.tmp\Install.exe
                                                                                                .\Install.exe /sQwdidHh "385118" /S
                                                                                                6⤵
                                                                                                  PID:6204
                                                                                                  • C:\Windows\SysWOW64\forfiles.exe
                                                                                                    "C:\Windows\System32\forfiles.exe" /p c:\windows\system32 /m where.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True"
                                                                                                    7⤵
                                                                                                      PID:7040
                                                                                                    • C:\Windows\SysWOW64\schtasks.exe
                                                                                                      schtasks /CREATE /TN "bWycNackLSywaqkmgR" /SC once /ST 22:25:00 /RU "SYSTEM" /TR "\"C:\Users\Admin\AppData\Local\Temp\JMPZeWvHhArmqROvY\NwfPJCCpQqPYDzK\vaDVVof.exe\" em /ePsite_idPuK 385118 /S" /V1 /F
                                                                                                      7⤵
                                                                                                      • Creates scheduled task(s)
                                                                                                      PID:5732
                                                                                              • C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe
                                                                                                "C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe"
                                                                                                4⤵
                                                                                                  PID:5940
                                                                                              • C:\Users\Admin\AppData\Local\Temp\1000200001\070.exe
                                                                                                "C:\Users\Admin\AppData\Local\Temp\1000200001\070.exe"
                                                                                                3⤵
                                                                                                • Executes dropped EXE
                                                                                                PID:5512
                                                                                                • C:\Users\Admin\AppData\Local\Temp\is-OS9JJ.tmp\is-DV5GM.tmp
                                                                                                  "C:\Users\Admin\AppData\Local\Temp\is-OS9JJ.tmp\is-DV5GM.tmp" /SL4 $700E0 "C:\Users\Admin\AppData\Local\Temp\1000200001\070.exe" 3710753 52224
                                                                                                  4⤵
                                                                                                  • Executes dropped EXE
                                                                                                  • Loads dropped DLL
                                                                                                  PID:648
                                                                                                  • C:\Users\Admin\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe
                                                                                                    "C:\Users\Admin\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe" -i
                                                                                                    5⤵
                                                                                                    • Executes dropped EXE
                                                                                                    PID:4932
                                                                                                  • C:\Users\Admin\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe
                                                                                                    "C:\Users\Admin\AppData\Local\CD-DVD-Runner\cddvdrunner2333.exe" -s
                                                                                                    5⤵
                                                                                                    • Executes dropped EXE
                                                                                                    PID:1872
                                                                                            • C:\Users\Admin\AppData\Local\Temp\1000152001\jok.exe
                                                                                              "C:\Users\Admin\AppData\Local\Temp\1000152001\jok.exe"
                                                                                              2⤵
                                                                                              • Executes dropped EXE
                                                                                              PID:5568
                                                                                            • C:\Windows\SysWOW64\rundll32.exe
                                                                                              "C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\c1ec479e5342a2\cred64.dll, Main
                                                                                              2⤵
                                                                                              • Loads dropped DLL
                                                                                              PID:5720
                                                                                              • C:\Windows\system32\rundll32.exe
                                                                                                "C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\c1ec479e5342a2\cred64.dll, Main
                                                                                                3⤵
                                                                                                • Blocklisted process makes network request
                                                                                                • Loads dropped DLL
                                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                                PID:5812
                                                                                                • C:\Windows\system32\netsh.exe
                                                                                                  netsh wlan show profiles
                                                                                                  4⤵
                                                                                                    PID:5840
                                                                                                  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    powershell -Command Compress-Archive -Path 'C:\Users\Admin\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\Admin\AppData\Local\Temp\106386276412_Desktop.zip' -CompressionLevel Optimal
                                                                                                    4⤵
                                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                                    PID:5480
                                                                                              • C:\Users\Admin\AppData\Local\Temp\1000153001\swiiii.exe
                                                                                                "C:\Users\Admin\AppData\Local\Temp\1000153001\swiiii.exe"
                                                                                                2⤵
                                                                                                • Executes dropped EXE
                                                                                                • Suspicious use of SetThreadContext
                                                                                                PID:5936
                                                                                                • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                                                                  3⤵
                                                                                                  • Loads dropped DLL
                                                                                                  • Checks processor information in registry
                                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                                  PID:5144
                                                                                              • C:\Users\Admin\AppData\Local\Temp\4d0ab15804\chrosha.exe
                                                                                                "C:\Users\Admin\AppData\Local\Temp\4d0ab15804\chrosha.exe"
                                                                                                2⤵
                                                                                                • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                                                                • Checks BIOS information in registry
                                                                                                • Executes dropped EXE
                                                                                                • Identifies Wine through registry keys
                                                                                                • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                                                PID:3008
                                                                                              • C:\Users\Admin\AppData\Local\Temp\1000167001\build_1GyXIDXRUC.exe
                                                                                                "C:\Users\Admin\AppData\Local\Temp\1000167001\build_1GyXIDXRUC.exe"
                                                                                                2⤵
                                                                                                • Executes dropped EXE
                                                                                                • Suspicious use of SetThreadContext
                                                                                                PID:5668
                                                                                                • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                                                                  3⤵
                                                                                                    PID:4908
                                                                                                  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                                                                    3⤵
                                                                                                      PID:5916
                                                                                                  • C:\Windows\SysWOW64\rundll32.exe
                                                                                                    "C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\c1ec479e5342a2\clip64.dll, Main
                                                                                                    2⤵
                                                                                                    • Blocklisted process makes network request
                                                                                                    • Loads dropped DLL
                                                                                                    PID:4276
                                                                                                  • C:\Users\Admin\AppData\Local\Temp\1000173001\Startup.exe
                                                                                                    "C:\Users\Admin\AppData\Local\Temp\1000173001\Startup.exe"
                                                                                                    2⤵
                                                                                                    • Executes dropped EXE
                                                                                                    PID:6116
                                                                                                  • C:\Users\Admin\AppData\Local\Temp\1000181001\file300un.exe
                                                                                                    "C:\Users\Admin\AppData\Local\Temp\1000181001\file300un.exe"
                                                                                                    2⤵
                                                                                                    • UAC bypass
                                                                                                    • Executes dropped EXE
                                                                                                    • Checks whether UAC is enabled
                                                                                                    • Suspicious use of SetThreadContext
                                                                                                    • System policy modification
                                                                                                    PID:6124
                                                                                                    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp\1000181001\file300un.exe" -Force
                                                                                                      3⤵
                                                                                                        PID:428
                                                                                                      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
                                                                                                        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe"
                                                                                                        3⤵
                                                                                                          PID:2984
                                                                                                          • C:\Users\Admin\Pictures\wSUgGRm2sGTYTQoix60BY0zS.exe
                                                                                                            "C:\Users\Admin\Pictures\wSUgGRm2sGTYTQoix60BY0zS.exe"
                                                                                                            4⤵
                                                                                                              PID:6992
                                                                                                            • C:\Users\Admin\Pictures\t7bimzsIXqIVcXonrFKQwr1f.exe
                                                                                                              "C:\Users\Admin\Pictures\t7bimzsIXqIVcXonrFKQwr1f.exe"
                                                                                                              4⤵
                                                                                                                PID:7008
                                                                                                              • C:\Users\Admin\Pictures\BCr7G495T4zETyNhru1gClIt.exe
                                                                                                                "C:\Users\Admin\Pictures\BCr7G495T4zETyNhru1gClIt.exe"
                                                                                                                4⤵
                                                                                                                  PID:5212
                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\7zSE7EA.tmp\Install.exe
                                                                                                                    .\Install.exe /sQwdidHh "385118" /S
                                                                                                                    5⤵
                                                                                                                      PID:6788
                                                                                                                      • C:\Windows\SysWOW64\forfiles.exe
                                                                                                                        "C:\Windows\System32\forfiles.exe" /p c:\windows\system32 /m where.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True"
                                                                                                                        6⤵
                                                                                                                          PID:6452
                                                                                                                          • C:\Windows\System32\Conhost.exe
                                                                                                                            \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                            7⤵
                                                                                                                              PID:4908
                                                                                                                          • C:\Windows\SysWOW64\schtasks.exe
                                                                                                                            schtasks /CREATE /TN "bWycNackLSywaqkmgR" /SC once /ST 22:25:00 /RU "SYSTEM" /TR "\"C:\Users\Admin\AppData\Local\Temp\JMPZeWvHhArmqROvY\NwfPJCCpQqPYDzK\zwJAxZK.exe\" em /rnsite_idEYN 385118 /S" /V1 /F
                                                                                                                            6⤵
                                                                                                                            • Creates scheduled task(s)
                                                                                                                            PID:6504
                                                                                                                      • C:\Users\Admin\Pictures\ma2T4OOmVJ7i7ioDnaF7ersO.exe
                                                                                                                        "C:\Users\Admin\Pictures\ma2T4OOmVJ7i7ioDnaF7ersO.exe"
                                                                                                                        4⤵
                                                                                                                          PID:7088
                                                                                                                        • C:\Users\Admin\Pictures\8Y5r0Z6SPAodtJZFyvLklXBJ.exe
                                                                                                                          "C:\Users\Admin\Pictures\8Y5r0Z6SPAodtJZFyvLklXBJ.exe"
                                                                                                                          4⤵
                                                                                                                            PID:7136
                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\u5i8.0.exe
                                                                                                                              "C:\Users\Admin\AppData\Local\Temp\u5i8.0.exe"
                                                                                                                              5⤵
                                                                                                                                PID:1776
                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\u5i8.1.exe
                                                                                                                                "C:\Users\Admin\AppData\Local\Temp\u5i8.1.exe"
                                                                                                                                5⤵
                                                                                                                                  PID:6776
                                                                                                                              • C:\Users\Admin\Pictures\5Se0lX8ljGDnISY17A49oNuH.exe
                                                                                                                                "C:\Users\Admin\Pictures\5Se0lX8ljGDnISY17A49oNuH.exe" --silent --allusers=0
                                                                                                                                4⤵
                                                                                                                                  PID:5852
                                                                                                                                  • C:\Users\Admin\Pictures\5Se0lX8ljGDnISY17A49oNuH.exe
                                                                                                                                    C:\Users\Admin\Pictures\5Se0lX8ljGDnISY17A49oNuH.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=109.0.5097.45 --initial-client-data=0x2a0,0x2a4,0x2a8,0x27c,0x2ac,0x6954e1d0,0x6954e1dc,0x6954e1e8
                                                                                                                                    5⤵
                                                                                                                                      PID:6108
                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\5Se0lX8ljGDnISY17A49oNuH.exe
                                                                                                                                      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\5Se0lX8ljGDnISY17A49oNuH.exe" --version
                                                                                                                                      5⤵
                                                                                                                                        PID:7068
                                                                                                                                  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
                                                                                                                                    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe"
                                                                                                                                    3⤵
                                                                                                                                      PID:1404
                                                                                                                                • \??\c:\windows\system32\svchost.exe
                                                                                                                                  c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s fhsvc
                                                                                                                                  1⤵
                                                                                                                                    PID:4472
                                                                                                                                  • C:\Windows\system32\svchost.exe
                                                                                                                                    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
                                                                                                                                    1⤵
                                                                                                                                      PID:6264
                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\09fd851a4f\explorha.exe
                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\09fd851a4f\explorha.exe
                                                                                                                                      1⤵
                                                                                                                                        PID:6784
                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\1000150001\NewB.exe
                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\1000150001\NewB.exe
                                                                                                                                        1⤵
                                                                                                                                          PID:6952
                                                                                                                                        • C:\ProgramData\wikombernizc\reakuqnanrkn.exe
                                                                                                                                          C:\ProgramData\wikombernizc\reakuqnanrkn.exe
                                                                                                                                          1⤵
                                                                                                                                            PID:6812
                                                                                                                                            • C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                              C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
                                                                                                                                              2⤵
                                                                                                                                                PID:5864

                                                                                                                                            Network

                                                                                                                                            MITRE ATT&CK Enterprise v15

                                                                                                                                            Reconnaissance

                                                                                                                                            Resource Development

                                                                                                                                            Initial Access

                                                                                                                                            Execution

                                                                                                                                            Scheduled Task/Job

                                                                                                                                            1
                                                                                                                                            T1053

                                                                                                                                            Persistence

                                                                                                                                            Boot or Logon Autostart Execution

                                                                                                                                            1
                                                                                                                                            T1547

                                                                                                                                            Registry Run Keys / Startup Folder

                                                                                                                                            1
                                                                                                                                            T1547.001

                                                                                                                                            Create or Modify System Process

                                                                                                                                            2
                                                                                                                                            T1543

                                                                                                                                            Windows Service

                                                                                                                                            2
                                                                                                                                            T1543.003

                                                                                                                                            Scheduled Task/Job

                                                                                                                                            1
                                                                                                                                            T1053

                                                                                                                                            Privilege Escalation

                                                                                                                                            Abuse Elevation Control Mechanism

                                                                                                                                            1
                                                                                                                                            T1548

                                                                                                                                            Bypass User Account Control

                                                                                                                                            1
                                                                                                                                            T1548.002

                                                                                                                                            Boot or Logon Autostart Execution

                                                                                                                                            1
                                                                                                                                            T1547

                                                                                                                                            Registry Run Keys / Startup Folder

                                                                                                                                            1
                                                                                                                                            T1547.001

                                                                                                                                            Create or Modify System Process

                                                                                                                                            2
                                                                                                                                            T1543

                                                                                                                                            Windows Service

                                                                                                                                            2
                                                                                                                                            T1543.003

                                                                                                                                            Scheduled Task/Job

                                                                                                                                            1
                                                                                                                                            T1053

                                                                                                                                            Defense Evasion

                                                                                                                                            Abuse Elevation Control Mechanism

                                                                                                                                            1
                                                                                                                                            T1548

                                                                                                                                            Bypass User Account Control

                                                                                                                                            1
                                                                                                                                            T1548.002

                                                                                                                                            Impair Defenses

                                                                                                                                            2
                                                                                                                                            T1562

                                                                                                                                            Disable or Modify Tools

                                                                                                                                            1
                                                                                                                                            T1562.001

                                                                                                                                            Modify Registry

                                                                                                                                            4
                                                                                                                                            T1112

                                                                                                                                            Subvert Trust Controls

                                                                                                                                            1
                                                                                                                                            T1553

                                                                                                                                            Install Root Certificate

                                                                                                                                            1
                                                                                                                                            T1553.004

                                                                                                                                            Virtualization/Sandbox Evasion

                                                                                                                                            2
                                                                                                                                            T1497

                                                                                                                                            Credential Access

                                                                                                                                            Unsecured Credentials

                                                                                                                                            5
                                                                                                                                            T1552

                                                                                                                                            Credentials In Files

                                                                                                                                            4
                                                                                                                                            T1552.001

                                                                                                                                            Credentials in Registry

                                                                                                                                            1
                                                                                                                                            T1552.002

                                                                                                                                            Discovery

                                                                                                                                            Peripheral Device Discovery

                                                                                                                                            1
                                                                                                                                            T1120

                                                                                                                                            Query Registry

                                                                                                                                            7
                                                                                                                                            T1012

                                                                                                                                            System Information Discovery

                                                                                                                                            6
                                                                                                                                            T1082

                                                                                                                                            Virtualization/Sandbox Evasion

                                                                                                                                            2
                                                                                                                                            T1497

                                                                                                                                            Lateral Movement

                                                                                                                                            Collection

                                                                                                                                            Data from Local System

                                                                                                                                            5
                                                                                                                                            T1005

                                                                                                                                            Command and Control

                                                                                                                                            Web Service

                                                                                                                                            1
                                                                                                                                            T1102

                                                                                                                                            Exfiltration

                                                                                                                                            Impact

                                                                                                                                            Service Stop

                                                                                                                                            1
                                                                                                                                            T1489

                                                                                                                                            Replay Monitor

                                                                                                                                            Loading Replay Monitor...

                                                                                                                                            Downloads

                                                                                                                                            • C:\ProgramData\ImageGuide 3.1.33.67\ImageGuide 3.1.33.67.exe
                                                                                                                                              Filesize

                                                                                                                                              3.9MB

                                                                                                                                              MD5

                                                                                                                                              80d5389c5a4f9a34ffb6432986f20cf1

                                                                                                                                              SHA1

                                                                                                                                              9fa64fbf8788152616e84f708655c7278d30e09d

                                                                                                                                              SHA256

                                                                                                                                              13d2fce54d140f74b58df72e26d1be9803a2e953f48972bf576c5e4f8b5e8f04

                                                                                                                                              SHA512

                                                                                                                                              7d202a373f1d5ca0be5ed9a7e10a396c3b986f4d7f0e4a0ef373ebd71a9cbcb508e11a3a9abab911bc91d0ed6a972e2291e25304c1bf2a74cf3870e9dbc22485

                                                                                                                                              Download Submit

                                                                                                                                            • C:\ProgramData\mozglue.dll
                                                                                                                                              Filesize

                                                                                                                                              593KB

                                                                                                                                              MD5

                                                                                                                                              c8fd9be83bc728cc04beffafc2907fe9

                                                                                                                                              SHA1

                                                                                                                                              95ab9f701e0024cedfbd312bcfe4e726744c4f2e

                                                                                                                                              SHA256

                                                                                                                                              ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a

                                                                                                                                              SHA512

                                                                                                                                              fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                              Filesize

                                                                                                                                              216B

                                                                                                                                              MD5

                                                                                                                                              f7f903a45767f41144d388122053c90f

                                                                                                                                              SHA1

                                                                                                                                              4789fcd044aaadc94e9b23dacea814681fc1228b

                                                                                                                                              SHA256

                                                                                                                                              01f0998c004fb701382cac0ca3c47c002ebb090c629a2a1eba74f7136b665300

                                                                                                                                              SHA512

                                                                                                                                              3b9a1141ce80ef1976588498052d7e67f631c03be2c6d02a1b096b20391a48d1d8ed6505936c8d6af53c4b494c22cf0aab525254c1c20008c58d7efac3ba3e81

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History
                                                                                                                                              Filesize

                                                                                                                                              148KB

                                                                                                                                              MD5

                                                                                                                                              5887fe184d3c98e78f76875408316c3e

                                                                                                                                              SHA1

                                                                                                                                              1571a65093dcc0507a65941824e7b4d58b699e80

                                                                                                                                              SHA256

                                                                                                                                              653c737da4dd865ec6376e9872911c4ad0a4d8fd6b81181ec642760e6a95b15c

                                                                                                                                              SHA512

                                                                                                                                              df137bacab76740cc2c6c981577537f289350134702dd17744688cebf44016d7e7fdb1327a6488eeaea156d01b0e1fb837dc72c53609f198a554199e03ddff77

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                                                                                                                                              Filesize

                                                                                                                                              20KB

                                                                                                                                              MD5

                                                                                                                                              826425938ed9ba247ffd556ea8d56b7e

                                                                                                                                              SHA1

                                                                                                                                              f42c71d0b46ebfbe55e0967ccfed0c54005f8bc8

                                                                                                                                              SHA256

                                                                                                                                              913e07d2d7ea1f675cc8a9ec4681ecfbc3eab05fdf9f0de0482ed8bd300ba63f

                                                                                                                                              SHA512

                                                                                                                                              b4dca433635cbe274c4a03a0f60693f449f69e5e8c0a98273af2e917d243301a1e1f37e01dd5154f134ff2a0f4a24743419229a212cf403159f9443876f98267

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                                                                              Filesize

                                                                                                                                              705B

                                                                                                                                              MD5

                                                                                                                                              b9f0c221ca6c74a4e999bb53eb69a85a

                                                                                                                                              SHA1

                                                                                                                                              c3d045d15bf35d67fb48668b5091614b0d80edb3

                                                                                                                                              SHA256

                                                                                                                                              f735f5d2a1cc5c6c1cac2be6f8e74d15c730152cd8262aca784bf317908f8745

                                                                                                                                              SHA512

                                                                                                                                              5aec9a37ea57cd489396b85b60bcd31215ed59395b82a98707b4c889c00f63cf069ba4d33df0be41ea57980a22d57a1eb2d3271a8b390f2f627f2e65a1ac1485

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                                                              Filesize

                                                                                                                                              6KB

                                                                                                                                              MD5

                                                                                                                                              bb86db23c9332685dfb26ffacd9a40f4

                                                                                                                                              SHA1

                                                                                                                                              ffc9dfaf5dca574c51af5c711228ed292f7c3275

                                                                                                                                              SHA256

                                                                                                                                              6095d3e20fd9529aef7b535faa240025eff42c25465e28486aa12f20fdfe9616

                                                                                                                                              SHA512

                                                                                                                                              408200fe031c23b19cfda6a7c8af1cca222d52aeb0923c197ca699cc244850657d705ba25109617d6f23071575b29a98169a9447b47aa1908749725c9843d956

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                                                              Filesize

                                                                                                                                              6KB

                                                                                                                                              MD5

                                                                                                                                              944dffb715b87c88e8f0f36f838374e6

                                                                                                                                              SHA1

                                                                                                                                              e5874d11ded9e1058d2885f79a53db63edf93354

                                                                                                                                              SHA256

                                                                                                                                              7db4b638ff6b15e55129d4157afdc0637eb827bdaae0814e99909d72ecd44fc1

                                                                                                                                              SHA512

                                                                                                                                              0f1041088d569a71fad7c1269acd6beba3f0a7bf2879ba63b5bb9f9c246193c7990bfdc710f623dff626cac1155fc032b2ad60ecf80dbd1b741b2b3070567709

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
                                                                                                                                              Filesize

                                                                                                                                              12KB

                                                                                                                                              MD5

                                                                                                                                              4a2fc91bc1a9f154f400bb8bcfb45b03

                                                                                                                                              SHA1

                                                                                                                                              c68d3a3a0b023baf130b6360ec2d4475daf18c30

                                                                                                                                              SHA256

                                                                                                                                              920ff6380e554ee388dd3caae02949ea863fee4958331efc77ebad0b364ae106

                                                                                                                                              SHA512

                                                                                                                                              86860041ee7e0c6d9b4a33aa062e8b704c412d1dc7364a8b3025ec70867ae12bca4268ee39148520da8c7157ec74e420cba037ca0821435aefb05513478e18d8

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                                                                                              Filesize

                                                                                                                                              271KB

                                                                                                                                              MD5

                                                                                                                                              828e66a0837224b2a923a5a980d6abbb

                                                                                                                                              SHA1

                                                                                                                                              4218a37b6b3b979d5a24043af008c2215139d0c7

                                                                                                                                              SHA256

                                                                                                                                              89f8be143871f0fb216ebb2005990ea02afc958c2533a3f1ea2ba08a694e1cde

                                                                                                                                              SHA512

                                                                                                                                              050e6a82a8532bc1cb69ae892a8015a3b2b715836e094b3b975411485906f1a2621ac547e8a25872123de0cb2e3b61a2fdc0ee8f131ce3b05b5621f4a11dfb3a

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
                                                                                                                                              Filesize

                                                                                                                                              2B

                                                                                                                                              MD5

                                                                                                                                              99914b932bd37a50b983c5e7c90ae93b

                                                                                                                                              SHA1

                                                                                                                                              bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                                                                                                                                              SHA256

                                                                                                                                              44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                                                                                                                                              SHA512

                                                                                                                                              27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
                                                                                                                                              Filesize

                                                                                                                                              3KB

                                                                                                                                              MD5

                                                                                                                                              7ce47df53c8f0ba7ccf885c309afc484

                                                                                                                                              SHA1

                                                                                                                                              b25ad9723b06d3861498caa32ffb1b7b38701a95

                                                                                                                                              SHA256

                                                                                                                                              7031b6b7bc43cf4ee90d4ec4860b78a442352243ea28f5d959b56222b13de2e4

                                                                                                                                              SHA512

                                                                                                                                              78585fbfcfe2e7a27f0ee168075958923184e67da1668850d0e66e31f0fd0a5516c04a17693ad197da7ffffb179265cd54fe0629fa30e00a6f269c6d68277efd

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                                                                                                                              Filesize

                                                                                                                                              1KB

                                                                                                                                              MD5

                                                                                                                                              0665291e471fc0d65b1feb6204f55d58

                                                                                                                                              SHA1

                                                                                                                                              dafd59ed8ba23e4c71740aef1b348e5760812d01

                                                                                                                                              SHA256

                                                                                                                                              2792beaa0566acda16c6db83ccc1cd75fac21ef076f4a11bee4c214e2917ddb4

                                                                                                                                              SHA512

                                                                                                                                              7260917080b2be01668546f5152d2cbc8902898497e4ecdd5da9a67d2127450bd2ce155b19121a4646cc0ad1337b53d04495e0b54c6e52aee7c1fb2f411e7d64

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404182223381\additional_file0.tmp
                                                                                                                                              Filesize

                                                                                                                                              2.5MB

                                                                                                                                              MD5

                                                                                                                                              15d8c8f36cef095a67d156969ecdb896

                                                                                                                                              SHA1

                                                                                                                                              a1435deb5866cd341c09e56b65cdda33620fcc95

                                                                                                                                              SHA256

                                                                                                                                              1521c69f478e9ced2f64b8714b9e19724e747cd8166e0f7ab5db1151a523dda8

                                                                                                                                              SHA512

                                                                                                                                              d6f48180d4dcb5ba83a9c0166870ac00ea67b615e749edf5994bc50277bf97ca87f582ac6f374c5351df252db73ee1231c943b53432dbb7563e12bbaf5bb393a

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404182223381\opera_package
                                                                                                                                              Filesize

                                                                                                                                              85.0MB

                                                                                                                                              MD5

                                                                                                                                              79a20d5ca95b963e5fcc883554829796

                                                                                                                                              SHA1

                                                                                                                                              ebde7a093f8a9345ecc040dc432a6b507dd3a799

                                                                                                                                              SHA256

                                                                                                                                              3366c7f6dd5ffc343f65b9b5a2917b4122411f6f6e6a6fc52f1ef5384b1ffe4b

                                                                                                                                              SHA512

                                                                                                                                              9801e9dbd4dd2143c29d08970be76e5ef19736860a3650c74bfa1798099ee9ce577474b4f524e6478d65ab0f13a894dd5da7b2e5e29d847711fa6dc90b7863d8

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\09fd851a4f\explorha.exe
                                                                                                                                              Filesize

                                                                                                                                              2.9MB

                                                                                                                                              MD5

                                                                                                                                              433b486eb9bc49054b16c3c2baa7e193

                                                                                                                                              SHA1

                                                                                                                                              11a8f9743118d1360e46b514164595019a846415

                                                                                                                                              SHA256

                                                                                                                                              1351d42fa1dd756c95eb9b787e8d48b2c100721b5b3a7a7056b7292ffb3fb484

                                                                                                                                              SHA512

                                                                                                                                              ef4ad879399a7ed9548c0c952b0b492a31111e432274edaa98aa4be7886ac55c7590aadf98b08052ba131a823ffa0eaadbdd592a0ed177e15326e63486f0c794

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\1000054001\amert.exe
                                                                                                                                              Filesize

                                                                                                                                              1.8MB

                                                                                                                                              MD5

                                                                                                                                              1ed78f44a2cad6e08da27edbc701b4bc

                                                                                                                                              SHA1

                                                                                                                                              e7a8bc103762db81429b13497c065ac16cac4b85

                                                                                                                                              SHA256

                                                                                                                                              20bd5a075cfee256a6cc19803fb9964834590840ada1212f7eca0a9d990e8359

                                                                                                                                              SHA512

                                                                                                                                              3882675eadbc45a7b534c0efc671551926bbc333275e03e8a4b23fdfc958af231094b65855fceccf6ec7c63ead1ad1a21bf3853e95eb05adca093a7820c22244

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\1000055001\9e758d26ed.exe
                                                                                                                                              Filesize

                                                                                                                                              1.1MB

                                                                                                                                              MD5

                                                                                                                                              76c779d2a6e42c6dbcff43e67bb38ca3

                                                                                                                                              SHA1

                                                                                                                                              558f8e6b714efaeaba794e7d2b7821936a4da077

                                                                                                                                              SHA256

                                                                                                                                              e820be731929c621a94de7bd83e0da4796c103632961bda20ffbd568279e6f43

                                                                                                                                              SHA512

                                                                                                                                              516d91d0e635f3468d135bf51f507fe3d81c1fb72c8baccc08a0e7c05c6dcaefd2816ca937cb2f8ca0ab8f4c8e78a2917b22dc10c289221e8450cfba34bebf3e

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\1000056001\887c48bd6d.exe
                                                                                                                                              Filesize

                                                                                                                                              2.2MB

                                                                                                                                              MD5

                                                                                                                                              3709ad0a7007bcae942b905a07bd6bba

                                                                                                                                              SHA1

                                                                                                                                              9d25192c841f3b2fb1b9bbb0dfdcec6cdaaca3a7

                                                                                                                                              SHA256

                                                                                                                                              2248caa741ec4d757c597091f2bab56f694181ef5a677bdab47d990e4c7f695a

                                                                                                                                              SHA512

                                                                                                                                              d41cbc49ded02909e0eae68da22988c36993bde9db4025f64d45007d2c47ed07a7cdc1a2b28ae1cb7ecb8d4c5169cb4084650adaddb656caf33b4e0ad85239fc

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\1000147001\swiiiii.exe
                                                                                                                                              Filesize

                                                                                                                                              321KB

                                                                                                                                              MD5

                                                                                                                                              1c7d0f34bb1d85b5d2c01367cc8f62ef

                                                                                                                                              SHA1

                                                                                                                                              33aedadb5361f1646cffd68791d72ba5f1424114

                                                                                                                                              SHA256

                                                                                                                                              e9e09c5e5d03d21fca820bd9b0a0ea7b86ab9e85cdc9996f8f1dc822b0cc801c

                                                                                                                                              SHA512

                                                                                                                                              53bf85d2b004f69bbbf7b6dc78e5f021aba71b6f814101c55d3bf76e6d058a973bc58270b6b621b2100c6e02d382f568d1e96024464e8ea81e6db8ccd948679d

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\1000148001\alexxxxxxxx.exe
                                                                                                                                              Filesize

                                                                                                                                              1.7MB

                                                                                                                                              MD5

                                                                                                                                              85a15f080b09acace350ab30460c8996

                                                                                                                                              SHA1

                                                                                                                                              3fc515e60e4cfa5b3321f04a96c7fb463e4b9d02

                                                                                                                                              SHA256

                                                                                                                                              3a2006bc835a8ffe91b9ee9206f630b3172f42e090f4e8d90be620e540f5ef6b

                                                                                                                                              SHA512

                                                                                                                                              ade5e3531dfa1a01e6c2a69deb2962cbf619e766da3d6e8e3453f70ff55ccbcbe21381c7b97a53d67e1ca88975f4409b1a42a759e18f806171d29e4c3f250e9f

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\1000149001\gold.exe
                                                                                                                                              Filesize

                                                                                                                                              488KB

                                                                                                                                              MD5

                                                                                                                                              82053649cadec1a338509e46ba776fbd

                                                                                                                                              SHA1

                                                                                                                                              6d8e479a6dc76d54109bb2e602b8087d55537510

                                                                                                                                              SHA256

                                                                                                                                              30468f8b767772214c60a701ecfee11c634516c3e2de146cd07638ea00dd0b6e

                                                                                                                                              SHA512

                                                                                                                                              e4b2b219483477a73fec5a207012f77c7167bf7b7f9adcb80ee92f87ddfe592a0d520f2afee531d1cce926ef56da2b065b13630a1cc171f48db8f7987e10897a

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\1000150001\NewB.exe
                                                                                                                                              Filesize

                                                                                                                                              418KB

                                                                                                                                              MD5

                                                                                                                                              0099a99f5ffb3c3ae78af0084136fab3

                                                                                                                                              SHA1

                                                                                                                                              0205a065728a9ec1133e8a372b1e3864df776e8c

                                                                                                                                              SHA256

                                                                                                                                              919ae827ff59fcbe3dbaea9e62855a4d27690818189f696cfb5916a88c823226

                                                                                                                                              SHA512

                                                                                                                                              5ac4f3265c7dd7d172284fb28c94f8fc6428c27853e70989f4ec4208f9897be91720e8eee1906d8e843ab05798f3279a12492a32e8a118f5621ac5e1be2031b6

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\1000152001\jok.exe
                                                                                                                                              Filesize

                                                                                                                                              304KB

                                                                                                                                              MD5

                                                                                                                                              8510bcf5bc264c70180abe78298e4d5b

                                                                                                                                              SHA1

                                                                                                                                              2c3a2a85d129b0d750ed146d1d4e4d6274623e28

                                                                                                                                              SHA256

                                                                                                                                              096220045877e456edfea1adcd5bf1efd332665ef073c6d1e9474c84ca5433f6

                                                                                                                                              SHA512

                                                                                                                                              5ff0a47f9e14e22fc76d41910b2986605376605913173d8ad83d29d85eb79b679459e2723a6ad17bc3c3b8c9b359e2be7348ee1c21fa2e8ceb7cc9220515258d

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\1000153001\swiiii.exe
                                                                                                                                              Filesize

                                                                                                                                              158KB

                                                                                                                                              MD5

                                                                                                                                              586f7fecacd49adab650fae36e2db994

                                                                                                                                              SHA1

                                                                                                                                              35d9fb512a8161ce867812633f0a43b042f9a5e6

                                                                                                                                              SHA256

                                                                                                                                              cf88d499c83da613ad5ccd8805822901bdc3a12eb9b15804aeff8c53dc05fc4e

                                                                                                                                              SHA512

                                                                                                                                              a44a2c99d18509681505cf70a251baf2558030a8648d9c621acc72fafcb2f744e3ef664dfd0229baf7c78fb72e69f5d644c755ded4060dcafa7f711d70e94772

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\1000167001\build_1GyXIDXRUC.exe
                                                                                                                                              Filesize

                                                                                                                                              210KB

                                                                                                                                              MD5

                                                                                                                                              51b0ed6b4908a21e5cc1d9ec7c046040

                                                                                                                                              SHA1

                                                                                                                                              d874f6da7327b2f1b3ace5e66bc763c557ac382e

                                                                                                                                              SHA256

                                                                                                                                              4e68c5a537320cbe88842a53e5691b7f1a590b9c0b491a12baaeeda111dcaa4d

                                                                                                                                              SHA512

                                                                                                                                              48ec96b209d7061a1276496feb250cf183891b950465d3a916c999aa1efc1c8831b068ce0fce4ce21d09677f945b3d816ed4040146462a0ce0845318041586a2

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\1000173001\Startup.exe
                                                                                                                                              Filesize

                                                                                                                                              3.3MB

                                                                                                                                              MD5

                                                                                                                                              76eae6ef736073145d6c06d981615ff9

                                                                                                                                              SHA1

                                                                                                                                              6612a26d5db4a6a745fed7518ec93a1121fffd9c

                                                                                                                                              SHA256

                                                                                                                                              3acdea11112584cd1f78da03f6af5cfc0f883309fc5ec552fa6b9c85a6c483bb

                                                                                                                                              SHA512

                                                                                                                                              e7c118bbe9f62d5834b374e05242636b32daab2c1fe607521d6e78520665c59f78637b74c85d171f8608e255be50731771f0a09dcca69e016b281ee02ab77231

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\1000181001\file300un.exe
                                                                                                                                              Filesize

                                                                                                                                              559KB

                                                                                                                                              MD5

                                                                                                                                              9ee0c556e1b952495a74709e6b06459a

                                                                                                                                              SHA1

                                                                                                                                              1b631e41b43d6f7ef3f7d140c1eb14ecf1cd861d

                                                                                                                                              SHA256

                                                                                                                                              0e236536f9fc793be5f2e276555817d0bb9206e9d56904bc509188bc42515129

                                                                                                                                              SHA512

                                                                                                                                              1ec91c9e0ab4e359be73677f81150922ed06fc58e621e2115d4c607afb94dbf69a8362db14a531ff6aba69b1dc8e3cd2a0aa0ba626320caa9c250060bbe44558

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\1000193001\ISetup8.exe
                                                                                                                                              Filesize

                                                                                                                                              412KB

                                                                                                                                              MD5

                                                                                                                                              6a84e6c0021605ff091449bfbe83a7b3

                                                                                                                                              SHA1

                                                                                                                                              9ff7c79006f2ec923f3789e92eea390dc987ddca

                                                                                                                                              SHA256

                                                                                                                                              850ef11c40f5aeb9e66b7e595842089f74e35134cc2571f1217fc391fb5beec8

                                                                                                                                              SHA512

                                                                                                                                              294866d1444906bdb2e270a1bc0363b8da30fcb3e6d5399b13e70b55d9670b5829d20a259b3338d7949e2afdb8d0bdac6c11bf9cbfd360c69ea6d21be9e7361a

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\1000194001\toolspub1.exe
                                                                                                                                              Filesize

                                                                                                                                              307KB

                                                                                                                                              MD5

                                                                                                                                              a11d2533c5dd2b17161fc2eea2ba1bef

                                                                                                                                              SHA1

                                                                                                                                              f7f42c054b83cb0cc3bb0a54a75195f920d9ced8

                                                                                                                                              SHA256

                                                                                                                                              4da76547d7081b68f3af83c77a5c75b2ff3f0691d7c58aca34632ff2ecd1e98c

                                                                                                                                              SHA512

                                                                                                                                              0053214e42b72365bd435ab8f35e4ddc8774c347dfa57d90c9f49c81b23dd1178f0a77b0facb0cce0d29b67b33eb7243a5c7c4f267274374e095a47f4a301a0b

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\1000195001\4767d2e713f2021e8fe856e3ea638b58.exe
                                                                                                                                              Filesize

                                                                                                                                              4.2MB

                                                                                                                                              MD5

                                                                                                                                              2e78c9318e8d9e63a9bbd8756a1fc49a

                                                                                                                                              SHA1

                                                                                                                                              5a92c19ea81fd2313a6538d5786368e470f54bce

                                                                                                                                              SHA256

                                                                                                                                              91ea2eb28f0db5a6bba60519b77c8dc4005beac2fb3ebc2180aa0032c6a8135c

                                                                                                                                              SHA512

                                                                                                                                              ec17194bfc8d1fc54375a63cb2d067753d4c210ad5c62bd6c536606cdeab278b48f3b3618afbc792d6082892d277fd3a0561812bf06337f6af173ce2f1d0f586

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\1000196001\FirstZ.exe
                                                                                                                                              Filesize

                                                                                                                                              2.5MB

                                                                                                                                              MD5

                                                                                                                                              ffada57f998ed6a72b6ba2f072d2690a

                                                                                                                                              SHA1

                                                                                                                                              6857b5f0c40a1cdb0411eb34aa9fe5029bcdb84f

                                                                                                                                              SHA256

                                                                                                                                              677f393462e24fb6dba1a47b39e674f485450f91deee6076ccbad9fd5e05bd12

                                                                                                                                              SHA512

                                                                                                                                              1de77f83a89935bb3fc3772d5190c3827d76a998785d451e2c0d11a0061cfd28f1b96eccb41b012c76ddda2021e3333a0a647489ae3c6dac10cfb8302abdf33f

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\1000198001\Uni400uni.exe
                                                                                                                                              Filesize

                                                                                                                                              556KB

                                                                                                                                              MD5

                                                                                                                                              e1d8325b086f91769120381b78626e2e

                                                                                                                                              SHA1

                                                                                                                                              0eb6827878445d3e3e584b7f08067a7a4dc9e618

                                                                                                                                              SHA256

                                                                                                                                              b925abb193e7003f4a692064148ffe7840096022a44f4d5ae4c0abb59a287934

                                                                                                                                              SHA512

                                                                                                                                              c8c0b424c2ed7ee598997bdc0b0d2099b650a280903716891b0eaa340acf556c0642d921fcb7f654387a4a1f1ec4a32feaf8d872b51ca482a977f11e2974072c

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\1000200001\070.exe
                                                                                                                                              Filesize

                                                                                                                                              3.9MB

                                                                                                                                              MD5

                                                                                                                                              f1d29fddb47e42d7dbf2cf42ba36cc72

                                                                                                                                              SHA1

                                                                                                                                              95be0248f53891aa5abecc498af5c3c98b532ba6

                                                                                                                                              SHA256

                                                                                                                                              a50431ef857f65eb57d4418d917b25307371dd2612c045c0d34f78cea631996c

                                                                                                                                              SHA512

                                                                                                                                              f2e82e4e57dc6b3033ac74846f9830092521a26067d96f1c07b613258267c2d578bee901a0db04cd4fad13d2cc8afbbd3c3a685e040d225afd70203891632bbd

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\6f98d0e0
                                                                                                                                              Filesize

                                                                                                                                              5.9MB

                                                                                                                                              MD5

                                                                                                                                              dcc26dd014bad9eafa9066d3781b615d

                                                                                                                                              SHA1

                                                                                                                                              b0cb8621ca58a196ac73bed4e525deacfaf2d836

                                                                                                                                              SHA256

                                                                                                                                              69502ffc7e2b8946d420e682cd1421f58a17f489590f761c580ce2a4feb74ae3

                                                                                                                                              SHA512

                                                                                                                                              5a7804fdebe09aada86e327899fa7ce6830c26c426d398dd72ef68121c33e59c2572709a725f43d6f1d31c52e7b4ea10b2128d00d530a00ef9db9a8efef204e3

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\7zSE7EA.tmp\Install.exe
                                                                                                                                              Filesize

                                                                                                                                              6.8MB

                                                                                                                                              MD5

                                                                                                                                              e77964e011d8880eae95422769249ca4

                                                                                                                                              SHA1

                                                                                                                                              8e15d7c4b7812a1da6c91738c7178adf0ff3200f

                                                                                                                                              SHA256

                                                                                                                                              f200984380d291051fc4b342641cd34e7560cadf4af41b2e02b8778f14418f50

                                                                                                                                              SHA512

                                                                                                                                              8feb3dc4432ec0a87416cbc75110d59efaf6504b4de43090fc90286bd37f98fc0a5fb12878bb33ac2f6cd83252e8dfd67dd96871b4a224199c1f595d33d4cade

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\Opera_installer_2404182223383426452.dll
                                                                                                                                              Filesize

                                                                                                                                              4.6MB

                                                                                                                                              MD5

                                                                                                                                              0415cb7be0361a74a039d5f31e72fa65

                                                                                                                                              SHA1

                                                                                                                                              46ae154436c8c059ee75cbc6a18ccda96bb2021d

                                                                                                                                              SHA256

                                                                                                                                              bb38a8806705980ee3e9181c099e8d5c425e6c9505a88e5af538ca6a48951798

                                                                                                                                              SHA512

                                                                                                                                              f71c2b9e1559aa4eb2d72f852ef9807c781d4a7b96b8e0c2c53b895885319146bd43aa6e4223d43159f3d40bc60704206404dc034500e47fca0a94e53b60239e

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\Qg_Appv5.exe
                                                                                                                                              Filesize

                                                                                                                                              14.7MB

                                                                                                                                              MD5

                                                                                                                                              6955715b6ff15bdc153a2431cc395cca

                                                                                                                                              SHA1

                                                                                                                                              272e1eec66a1871b300484b2200b507a4abe5420

                                                                                                                                              SHA256

                                                                                                                                              a6d40169be9c151e9e6c86fe53d2bac3b4c2ddb41c0b650d961f8328939b4761

                                                                                                                                              SHA512

                                                                                                                                              cf82d27d7010be69ab1c288fef9d820905407c8018e2a91f3c39a0eda5e9378e0ff04d077520d556d46d7a9cb0a3a640d15a10ad4090e482be3c83930836019d

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\Tmp274A.tmp
                                                                                                                                              Filesize

                                                                                                                                              2KB

                                                                                                                                              MD5

                                                                                                                                              1420d30f964eac2c85b2ccfe968eebce

                                                                                                                                              SHA1

                                                                                                                                              bdf9a6876578a3e38079c4f8cf5d6c79687ad750

                                                                                                                                              SHA256

                                                                                                                                              f3327793e3fd1f3f9a93f58d033ed89ce832443e2695beca9f2b04adba049ed9

                                                                                                                                              SHA512

                                                                                                                                              6fcb6ce148e1e246d6805502d4914595957061946751656567a5013d96033dd1769a22a87c45821e7542cde533450e41182cee898cd2ccf911c91bc4822371a8

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\Zqicom_beta\UniversalInstaller.exe
                                                                                                                                              Filesize

                                                                                                                                              2.4MB

                                                                                                                                              MD5

                                                                                                                                              9fb4770ced09aae3b437c1c6eb6d7334

                                                                                                                                              SHA1

                                                                                                                                              fe54b31b0db8665aa5b22bed147e8295afc88a03

                                                                                                                                              SHA256

                                                                                                                                              a05b592a971fe5011554013bcfe9a4aaf9cfc633bdd1fe3a8197f213d557b8d3

                                                                                                                                              SHA512

                                                                                                                                              140fee6daf23fe8b7e441b3b4de83554af804f00ecedc421907a385ac79a63164bd9f28b4be061c2ea2262755d85e14d3a8e7dc910547837b664d78d93667256

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_4xap5zyu.3df.ps1
                                                                                                                                              Filesize

                                                                                                                                              1B

                                                                                                                                              MD5

                                                                                                                                              c4ca4238a0b923820dcc509a6f75849b

                                                                                                                                              SHA1

                                                                                                                                              356a192b7913b04c54574d18c28d46e6395428ab

                                                                                                                                              SHA256

                                                                                                                                              6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

                                                                                                                                              SHA512

                                                                                                                                              4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\tmp5A63.tmp
                                                                                                                                              Filesize

                                                                                                                                              46KB

                                                                                                                                              MD5

                                                                                                                                              02d2c46697e3714e49f46b680b9a6b83

                                                                                                                                              SHA1

                                                                                                                                              84f98b56d49f01e9b6b76a4e21accf64fd319140

                                                                                                                                              SHA256

                                                                                                                                              522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9

                                                                                                                                              SHA512

                                                                                                                                              60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\tmp5AB4.tmp
                                                                                                                                              Filesize

                                                                                                                                              92KB

                                                                                                                                              MD5

                                                                                                                                              dc89cfe2a3b5ff9acb683c7237226713

                                                                                                                                              SHA1

                                                                                                                                              24f19bc7d79fa0c5af945b28616225866ee51dd5

                                                                                                                                              SHA256

                                                                                                                                              ceddefa824f1dd6e7e669d4470e18e557c22fe73359f5b31edf4537473b96148

                                                                                                                                              SHA512

                                                                                                                                              ee5d047e1124351997ecfaa5c8bd3e9ce8a974ac281675cda4d0a55e40f3883336a2378b9ebf3d1f227d01b386c26473c32e39bcab836da2b392bf778a6cf5c2

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\u3us.1.exe
                                                                                                                                              Filesize

                                                                                                                                              4.6MB

                                                                                                                                              MD5

                                                                                                                                              397926927bca55be4a77839b1c44de6e

                                                                                                                                              SHA1

                                                                                                                                              e10f3434ef3021c399dbba047832f02b3c898dbd

                                                                                                                                              SHA256

                                                                                                                                              4f07e1095cc915b2d46eb149d1c3be14f3f4b4bd2742517265947fd23bdca5a7

                                                                                                                                              SHA512

                                                                                                                                              cf54136b977fc8af7e8746d78676d0d464362a8cfa2213e392487003b5034562ee802e6911760b98a847bddd36ad664f32d849af84d7e208d4648bd97a2fa954

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\u480.0.exe
                                                                                                                                              Filesize

                                                                                                                                              306KB

                                                                                                                                              MD5

                                                                                                                                              9e7bd4e6b0220bbb8c4068a02939e692

                                                                                                                                              SHA1

                                                                                                                                              92b8c83e84d6823bf4cf5238f368c27e5243241d

                                                                                                                                              SHA256

                                                                                                                                              a547ce72c56e28616970d53b15e05cf4532a20384cae7a72b8428789a48028ef

                                                                                                                                              SHA512

                                                                                                                                              7c1a0dcdcbeb988679ad24cbef85bd0b3f6c6c41c8699d506be3a1d6b0542fff0f6ec85eb53fe98278f787cd108771e2d168e2a9080327706edc629c41f57522

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Local\WB3LLp8BhM9pMA7jPCDuyk3V.exe
                                                                                                                                              Filesize

                                                                                                                                              4.2MB

                                                                                                                                              MD5

                                                                                                                                              1842fc317e5a1d69802a698ae55c38f2

                                                                                                                                              SHA1

                                                                                                                                              151e6beea179734ac936b9a09553694497ac25b5

                                                                                                                                              SHA256

                                                                                                                                              3a28b148d121751482a29d954aeed15f8ae208f86cd3ed6b819c5c5c842e0cf9

                                                                                                                                              SHA512

                                                                                                                                              c625d83b286c3e704f43ec80a4fed5c91bba6929c1c89e23bdc642d8778ea063507b578a7ef74368c815f4baf03fc1a8edfb4b3d9449619c3651a8cf33b139c2

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Local\YxmBadREMRqUhK4yTbt5Tder.exe
                                                                                                                                              Filesize

                                                                                                                                              6.5MB

                                                                                                                                              MD5

                                                                                                                                              5d5da0738299d8893b79a6c926765e5f

                                                                                                                                              SHA1

                                                                                                                                              b05c2cfd30ca1c163cb829b7e7e5ea2d6c57d1d1

                                                                                                                                              SHA256

                                                                                                                                              53c80bee05d28fe65ab0ae6459753fe7b804c0b68b85faaf828576687ef28ca3

                                                                                                                                              SHA512

                                                                                                                                              d9fffe943131e71762f5e2e1ad3d23053069f0f028054be9ec2c8491a6812adadacbf099ab8fa79ca9916ceda14ccaedfe4a0e1e5235871a97145ef77d7b0b26

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-4106386276-4127174233-3637007343-1000\76b53b3ec448f7ccdda2063b15d2bfc3_ebaa0802-254d-4be1-a642-a8a5c0b06224
                                                                                                                                              Filesize

                                                                                                                                              2KB

                                                                                                                                              MD5

                                                                                                                                              ff34a105f6eba4937e03807001ea67e9

                                                                                                                                              SHA1

                                                                                                                                              56e96afe84d44a901438bdd9c89dacba6f46d50c

                                                                                                                                              SHA256

                                                                                                                                              6afdcbbf7f03fbf84a886869d36a5dc9cbfa4dd608935425ba57b1f8554e143f

                                                                                                                                              SHA512

                                                                                                                                              412b1e1f2534f198b75c28feec7fabd76b2ccd7c4ccdfe4ae31fd6fcfcefb8faaf7fa361c0d965783342292d96ed6956b91233bfa4599f686e5e8f7adeb1a645

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat
                                                                                                                                              Filesize

                                                                                                                                              40B

                                                                                                                                              MD5

                                                                                                                                              cde47ac03a7d4c5a9ae6193ebeabe294

                                                                                                                                              SHA1

                                                                                                                                              3296ab6ff9670eeedc91e86811bd71723eb000fa

                                                                                                                                              SHA256

                                                                                                                                              2a7e602ef8d1e8fbbab635df584c40b8d4fc64c13791537c9fab42d52eb20881

                                                                                                                                              SHA512

                                                                                                                                              9c2b536067bd2dc0e53dcf8efc3bc91d203e4a3b8c8c7ea6aabc237c2a55e86b4741f774017b680453dfe570df2c40c845f8940bb7ea57cf7814d46a9fd7d87b

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Roaming\a091ec0a6e2227\cred64.dll
                                                                                                                                              Filesize

                                                                                                                                              1.2MB

                                                                                                                                              MD5

                                                                                                                                              15a42d3e4579da615a384c717ab2109b

                                                                                                                                              SHA1

                                                                                                                                              22aeedeb2307b1370cdab70d6a6b6d2c13ad2301

                                                                                                                                              SHA256

                                                                                                                                              3c97bb410e49b11af8116feb7240b7101e1967cae7538418c45c3d2e072e8103

                                                                                                                                              SHA512

                                                                                                                                              1eb7f126dccc88a2479e3818c36120f5af3caa0d632b9ea803485ee6531d6e2a1fd0805b1c4364983d280df23ea5ca3ad4a5fca558ac436efae36af9b795c444

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Roaming\c1ec479e5342a2\clip64.dll
                                                                                                                                              Filesize

                                                                                                                                              109KB

                                                                                                                                              MD5

                                                                                                                                              154c3f1334dd435f562672f2664fea6b

                                                                                                                                              SHA1

                                                                                                                                              51dd25e2ba98b8546de163b8f26e2972a90c2c79

                                                                                                                                              SHA256

                                                                                                                                              5f431129f97f3d56929f1e5584819e091bd6c854d7e18503074737fc6d79e33f

                                                                                                                                              SHA512

                                                                                                                                              1bca69bbcdb7ecd418769e9d4befc458f9f8e3cee81feb7316bb61e189e2904f4431e4cc7d291e179a5dec441b959d428d8e433f579036f763bbad6460222841

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Roaming\c1ec479e5342a2\cred64.dll
                                                                                                                                              Filesize

                                                                                                                                              1.2MB

                                                                                                                                              MD5

                                                                                                                                              f35b671fda2603ec30ace10946f11a90

                                                                                                                                              SHA1

                                                                                                                                              059ad6b06559d4db581b1879e709f32f80850872

                                                                                                                                              SHA256

                                                                                                                                              83e3df5bec15d5333935bea8b719a6d677e2fb3dc1cf9e18e7b82fd0438285c7

                                                                                                                                              SHA512

                                                                                                                                              b5fa27d08c64727cef7fdda5e68054a4359cd697df50d70d1d90da583195959a139066a6214531bbc5f20cd4f9bc1ca3e4244396547381291a6a1d2df9cf8705

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Roaming\configurationValue\Traffic.exe
                                                                                                                                              Filesize

                                                                                                                                              541KB

                                                                                                                                              MD5

                                                                                                                                              1fc4b9014855e9238a361046cfbf6d66

                                                                                                                                              SHA1

                                                                                                                                              c17f18c8246026c9979ab595392a14fe65cc5e9f

                                                                                                                                              SHA256

                                                                                                                                              f38c27ecbeed9721f0885d3b2f2f767d60a5d1c0a5c98433357f570987da3e50

                                                                                                                                              SHA512

                                                                                                                                              2af234cac24ec4a508693d9affa7f759d4b29bb3c9ddffd9e6350959fd4da26501553399d2b02a8eeae8dace6bfe9b2ce50462ce3c6547497f5b0ea6ed226b12

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\AppData\Roaming\configurationValue\propro.exe
                                                                                                                                              Filesize

                                                                                                                                              304KB

                                                                                                                                              MD5

                                                                                                                                              cc90e3326d7b20a33f8037b9aab238e4

                                                                                                                                              SHA1

                                                                                                                                              236d173a6ac462d85de4e866439634db3b9eeba3

                                                                                                                                              SHA256

                                                                                                                                              bd73ee49a23901f9fb235f8a5b29adc72cc637ad4b62a9760c306900cb1678b7

                                                                                                                                              SHA512

                                                                                                                                              b5d197a05a267bf66509b6d976924cd6f5963532a9f9f22d1763701d4fba3dfa971e0058388249409884bc29216fb33a51846562a5650f81d99ce14554861521

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\Pictures\5Se0lX8ljGDnISY17A49oNuH.exe
                                                                                                                                              Filesize

                                                                                                                                              5.1MB

                                                                                                                                              MD5

                                                                                                                                              0c9c2f9a0ac77ee86f3485352bd676cf

                                                                                                                                              SHA1

                                                                                                                                              a35f21542b34b574e89d39b527f2c1473c6a2f1e

                                                                                                                                              SHA256

                                                                                                                                              bd77a29dbcca319e91b59980361bc322e3a2a1c35e3521a0cfbcc69d68ab4929

                                                                                                                                              SHA512

                                                                                                                                              df248801abc8212ac168648eee3c10f8ebfa6895836a618611b38a08106122f8fbe0b160a24f5bfb70f32a26ad14663b4cef3268fdde20a44c6e34c32df08c2a

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\Pictures\RllzKEXIa1k3SlWC6PYaO3ZR.exe
                                                                                                                                              Filesize

                                                                                                                                              5.1MB

                                                                                                                                              MD5

                                                                                                                                              6ec0b6275783f0fe13885c32fda09c52

                                                                                                                                              SHA1

                                                                                                                                              857ff4eb13527a0678bdcf63d92c3a5f108ae268

                                                                                                                                              SHA256

                                                                                                                                              2d0840b5df6f4cd30768e635ae8122c0c7bfa64b65e5b79e91045843590bd7a2

                                                                                                                                              SHA512

                                                                                                                                              3afeb5214ff395b216f2f76cc85251f903155d515286ccb958b1a9097317ad1bdca07c7b209086aee7f4d9cf27a41d827b7570f2b8a5e17e31799162fc209533

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Admin\Pictures\nXSZ4aVP3nbolmtKfbFTrHMB.exe
                                                                                                                                              Filesize

                                                                                                                                              7KB

                                                                                                                                              MD5

                                                                                                                                              5b423612b36cde7f2745455c5dd82577

                                                                                                                                              SHA1

                                                                                                                                              0187c7c80743b44e9e0c193e993294e3b969cc3d

                                                                                                                                              SHA256

                                                                                                                                              e0840d2ea74a00dcc545d770b91d9d889e5a82c7bedf1b989e0a89db04685b09

                                                                                                                                              SHA512

                                                                                                                                              c26a1e7e96dbd178d961c630abd8e564ef69532f386fb198eb20119a88ecab2fe885d71ac0c90687c18910ce00c445f352a5e8fbf5328f3403964f7c7802414c

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Users\Public\Desktop\Google Chrome.lnk
                                                                                                                                              Filesize

                                                                                                                                              2KB

                                                                                                                                              MD5

                                                                                                                                              c01f05f08621230cfd1f0be4f3a083e3

                                                                                                                                              SHA1

                                                                                                                                              bd3173b79a6d1cd3ae811689be33b52644926750

                                                                                                                                              SHA256

                                                                                                                                              02c8ec24d83d7f8532b8f3e6b28adae62c75945dc0e9e5c76375082563f2fdae

                                                                                                                                              SHA512

                                                                                                                                              448a81229144c8df77e496fae37d7885473506504b84d3e4532acd2dc5a156e5b7cbc9038e11c4758e5253e0fc5a13228ffa7f7de30db49a85f23e0e6a4fa326

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Windows\System32\GroupPolicy\gpt.ini
                                                                                                                                              Filesize

                                                                                                                                              127B

                                                                                                                                              MD5

                                                                                                                                              8ef9853d1881c5fe4d681bfb31282a01

                                                                                                                                              SHA1

                                                                                                                                              a05609065520e4b4e553784c566430ad9736f19f

                                                                                                                                              SHA256

                                                                                                                                              9228f13d82c3dc96b957769f6081e5bac53cffca4ffde0ba1e102d9968f184a2

                                                                                                                                              SHA512

                                                                                                                                              5ddee931a08cfea5bb9d1c36355d47155a24d617c2a11d08364ffc54e593064011dee4fea8ac5b67029cab515d3071f0ba0422bb76af492a3115272ba8feb005

                                                                                                                                              Download Submit

                                                                                                                                            • C:\Windows\System32\GroupPolicy\gpt.ini
                                                                                                                                              Filesize

                                                                                                                                              127B

                                                                                                                                              MD5

                                                                                                                                              7cc972a3480ca0a4792dc3379a763572

                                                                                                                                              SHA1

                                                                                                                                              f72eb4124d24f06678052706c542340422307317

                                                                                                                                              SHA256

                                                                                                                                              02ad5d151250848f2cc4b650a351505aa58ac13c50da207cc06295c123ddf5e5

                                                                                                                                              SHA512

                                                                                                                                              ff5f320356e59eaf8f2b7c5a2668541252221be2d9701006fcc64ce802e66eeaf6ecf316d925258eb12ee5b8b7df4f8da075e9524badc0024b55fae639d075b7

                                                                                                                                              Download Submit

                                                                                                                                            • \??\pipe\crashpad_2596_QBBRIMYPMKTRJYES
                                                                                                                                              MD5

                                                                                                                                              d41d8cd98f00b204e9800998ecf8427e

                                                                                                                                              SHA1

                                                                                                                                              da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                                                                                                              SHA256

                                                                                                                                              e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                                                                                                              SHA512

                                                                                                                                              cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                                                                                                              Download Submit

                                                                                                                                            • \Users\Admin\AppData\Roaming\a091ec0a6e2227\clip64.dll
                                                                                                                                              Filesize

                                                                                                                                              109KB

                                                                                                                                              MD5

                                                                                                                                              726cd06231883a159ec1ce28dd538699

                                                                                                                                              SHA1

                                                                                                                                              404897e6a133d255ad5a9c26ac6414d7134285a2

                                                                                                                                              SHA256

                                                                                                                                              12fef2d5995d671ec0e91bdbdc91e2b0d3c90ed3a8b2b13ddaa8ad64727dcd46

                                                                                                                                              SHA512

                                                                                                                                              9ea82e7cb6c6a58446bd5033855947c3e2d475d2910f2b941235e0b96aa08eec822d2dd17cc86b2d3fce930f78b799291992408e309a6c63e3011266810ea83e

                                                                                                                                              Download Submit

                                                                                                                                            • memory/236-367-0x0000000000400000-0x000000000044C000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              304KB

                                                                                                                                              Download

                                                                                                                                            • memory/236-364-0x0000000000400000-0x000000000044C000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              304KB

                                                                                                                                              Download

                                                                                                                                            • memory/316-388-0x0000000000400000-0x0000000000592000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              1.6MB

                                                                                                                                              Download

                                                                                                                                            • memory/1928-165-0x000001C5A9470000-0x000001C5A9480000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              64KB

                                                                                                                                              Download

                                                                                                                                            • memory/1928-192-0x000001C5A9730000-0x000001C5A97A6000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              472KB

                                                                                                                                              Download

                                                                                                                                            • memory/1928-174-0x000001C5A93D0000-0x000001C5A93F2000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              136KB

                                                                                                                                              Download

                                                                                                                                            • memory/1928-167-0x000001C5A9470000-0x000001C5A9480000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              64KB

                                                                                                                                              Download

                                                                                                                                            • memory/1928-162-0x00007FFCA4030000-0x00007FFCA4A1C000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              9.9MB

                                                                                                                                              Download

                                                                                                                                            • memory/2536-456-0x0000000000400000-0x0000000000452000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              328KB

                                                                                                                                              Download

                                                                                                                                            • memory/2568-47-0x00000000049D0000-0x00000000049D1000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/2568-46-0x00000000049F0000-0x00000000049F1000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/2568-51-0x0000000004A00000-0x0000000004A01000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/2568-48-0x0000000004A10000-0x0000000004A11000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/2568-43-0x0000000000A90000-0x0000000000F5E000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4.8MB

                                                                                                                                              Download

                                                                                                                                            • memory/2568-44-0x0000000000A90000-0x0000000000F5E000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4.8MB

                                                                                                                                              Download

                                                                                                                                            • memory/2568-45-0x00000000049E0000-0x00000000049E1000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/2568-70-0x0000000000A90000-0x0000000000F5E000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4.8MB

                                                                                                                                              Download

                                                                                                                                            • memory/2568-50-0x00000000049C0000-0x00000000049C1000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/2568-65-0x0000000004A20000-0x0000000004A21000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/2568-49-0x0000000000A80000-0x0000000000A81000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/2568-64-0x0000000004A30000-0x0000000004A31000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/2816-117-0x00000000049E0000-0x00000000049E1000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/2816-293-0x00000000000C0000-0x0000000000652000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              5.6MB

                                                                                                                                              Download

                                                                                                                                            • memory/2816-114-0x00000000000C0000-0x0000000000652000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              5.6MB

                                                                                                                                              Download

                                                                                                                                            • memory/2816-119-0x00000000049D0000-0x00000000049D1000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/2816-118-0x0000000004A40000-0x0000000004A41000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/2816-126-0x00000000049B0000-0x00000000049B1000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/2816-125-0x0000000004A30000-0x0000000004A31000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/2816-124-0x0000000004A50000-0x0000000004A51000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/2816-203-0x00000000000C0000-0x0000000000652000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              5.6MB

                                                                                                                                              Download

                                                                                                                                            • memory/2816-123-0x0000000004A60000-0x0000000004A61000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/2816-122-0x0000000004A10000-0x0000000004A11000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/2816-127-0x0000000004A90000-0x0000000004A92000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              8KB

                                                                                                                                              Download

                                                                                                                                            • memory/2816-595-0x00000000000C0000-0x0000000000652000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              5.6MB

                                                                                                                                              Download

                                                                                                                                            • memory/2816-121-0x0000000004A20000-0x0000000004A21000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/2816-120-0x00000000049C0000-0x00000000049C1000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/2816-116-0x0000000004A00000-0x0000000004A01000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/2816-390-0x00000000000C0000-0x0000000000652000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              5.6MB

                                                                                                                                              Download

                                                                                                                                            • memory/2816-314-0x00000000000C0000-0x0000000000652000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              5.6MB

                                                                                                                                              Download

                                                                                                                                            • memory/2816-311-0x00000000000C0000-0x0000000000652000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              5.6MB

                                                                                                                                              Download

                                                                                                                                            • memory/2968-207-0x0000000005130000-0x0000000005131000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/2968-181-0x0000000000400000-0x000000000097A000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              5.5MB

                                                                                                                                              Download

                                                                                                                                            • memory/2968-226-0x0000000005150000-0x0000000005151000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/2968-224-0x00000000050F0000-0x00000000050F1000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/2968-179-0x0000000000400000-0x000000000097A000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              5.5MB

                                                                                                                                              Download

                                                                                                                                            • memory/2968-186-0x0000000000400000-0x000000000097A000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              5.5MB

                                                                                                                                              Download

                                                                                                                                            • memory/2968-178-0x0000000000400000-0x000000000097A000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              5.5MB

                                                                                                                                              Download

                                                                                                                                            • memory/2968-180-0x0000000000400000-0x000000000097A000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              5.5MB

                                                                                                                                              Download

                                                                                                                                            • memory/2968-187-0x0000000000400000-0x000000000097A000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              5.5MB

                                                                                                                                              Download

                                                                                                                                            • memory/2968-177-0x0000000000400000-0x000000000097A000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              5.5MB

                                                                                                                                              Download

                                                                                                                                            • memory/2968-176-0x0000000000400000-0x000000000097A000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              5.5MB

                                                                                                                                              Download

                                                                                                                                            • memory/2968-228-0x0000000005140000-0x0000000005141000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/2968-189-0x0000000000400000-0x000000000097A000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              5.5MB

                                                                                                                                              Download

                                                                                                                                            • memory/2968-190-0x0000000000400000-0x000000000097A000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              5.5MB

                                                                                                                                              Download

                                                                                                                                            • memory/2968-222-0x0000000005100000-0x0000000005101000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/2968-184-0x0000000000400000-0x000000000097A000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              5.5MB

                                                                                                                                              Download

                                                                                                                                            • memory/2968-175-0x0000000000400000-0x000000000097A000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              5.5MB

                                                                                                                                              Download

                                                                                                                                            • memory/2968-173-0x0000000000400000-0x000000000097A000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              5.5MB

                                                                                                                                              Download

                                                                                                                                            • memory/2968-172-0x0000000000400000-0x000000000097A000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              5.5MB

                                                                                                                                              Download

                                                                                                                                            • memory/2968-171-0x0000000000400000-0x000000000097A000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              5.5MB

                                                                                                                                              Download

                                                                                                                                            • memory/2968-170-0x0000000000400000-0x000000000097A000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              5.5MB

                                                                                                                                              Download

                                                                                                                                            • memory/2968-169-0x0000000000400000-0x000000000097A000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              5.5MB

                                                                                                                                              Download

                                                                                                                                            • memory/2968-221-0x0000000005160000-0x0000000005161000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/2968-168-0x0000000000400000-0x000000000097A000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              5.5MB

                                                                                                                                              Download

                                                                                                                                            • memory/2968-163-0x0000000000400000-0x000000000097A000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              5.5MB

                                                                                                                                              Download

                                                                                                                                            • memory/2968-166-0x0000000000400000-0x000000000097A000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              5.5MB

                                                                                                                                              Download

                                                                                                                                            • memory/2968-161-0x0000000000400000-0x000000000097A000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              5.5MB

                                                                                                                                              Download

                                                                                                                                            • memory/2968-157-0x0000000000400000-0x000000000097A000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              5.5MB

                                                                                                                                              Download

                                                                                                                                            • memory/2968-193-0x0000000000400000-0x000000000097A000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              5.5MB

                                                                                                                                              Download

                                                                                                                                            • memory/2968-156-0x0000000000400000-0x000000000097A000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              5.5MB

                                                                                                                                              Download

                                                                                                                                            • memory/2968-155-0x00000000000E0000-0x00000000003F8000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              3.1MB

                                                                                                                                              Download

                                                                                                                                            • memory/2968-152-0x0000000000400000-0x000000000097A000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              5.5MB

                                                                                                                                              Download

                                                                                                                                            • memory/2968-191-0x0000000000400000-0x000000000097A000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              5.5MB

                                                                                                                                              Download

                                                                                                                                            • memory/2968-204-0x0000000000400000-0x000000000097A000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              5.5MB

                                                                                                                                              Download

                                                                                                                                            • memory/2968-205-0x0000000000400000-0x000000000097A000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              5.5MB

                                                                                                                                              Download

                                                                                                                                            • memory/2968-182-0x0000000000400000-0x000000000097A000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              5.5MB

                                                                                                                                              Download

                                                                                                                                            • memory/2968-219-0x0000000005110000-0x0000000005111000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/2968-227-0x0000000005170000-0x0000000005171000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/2968-202-0x0000000000400000-0x000000000097A000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              5.5MB

                                                                                                                                              Download

                                                                                                                                            • memory/2968-206-0x0000000000400000-0x000000000097A000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              5.5MB

                                                                                                                                              Download

                                                                                                                                            • memory/3636-501-0x0000000000EA0000-0x000000000136E000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4.8MB

                                                                                                                                              Download

                                                                                                                                            • memory/3872-27-0x0000000004B20000-0x0000000004B21000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/3872-115-0x00000000000E0000-0x00000000003F8000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              3.1MB

                                                                                                                                              Download

                                                                                                                                            • memory/3872-313-0x00000000000E0000-0x00000000003F8000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              3.1MB

                                                                                                                                              Download

                                                                                                                                            • memory/3872-312-0x00000000000E0000-0x00000000003F8000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              3.1MB

                                                                                                                                              Download

                                                                                                                                            • memory/3872-138-0x00000000000E0000-0x00000000003F8000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              3.1MB

                                                                                                                                              Download

                                                                                                                                            • memory/3872-457-0x00000000000E0000-0x00000000003F8000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              3.1MB

                                                                                                                                              Download

                                                                                                                                            • memory/3872-28-0x0000000004B10000-0x0000000004B11000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/3872-25-0x0000000004B60000-0x0000000004B61000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/3872-24-0x0000000004B30000-0x0000000004B31000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/3872-629-0x00000000000E0000-0x00000000003F8000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              3.1MB

                                                                                                                                              Download

                                                                                                                                            • memory/3872-21-0x00000000000E0000-0x00000000003F8000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              3.1MB

                                                                                                                                              Download

                                                                                                                                            • memory/3872-113-0x00000000000E0000-0x00000000003F8000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              3.1MB

                                                                                                                                              Download

                                                                                                                                            • memory/3872-294-0x00000000000E0000-0x00000000003F8000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              3.1MB

                                                                                                                                              Download

                                                                                                                                            • memory/3872-29-0x0000000004B90000-0x0000000004B91000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/3872-30-0x0000000004B80000-0x0000000004B81000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/3872-22-0x00000000000E0000-0x00000000003F8000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              3.1MB

                                                                                                                                              Download

                                                                                                                                            • memory/3872-23-0x0000000004B40000-0x0000000004B41000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/3872-26-0x0000000004B00000-0x0000000004B01000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/4144-0-0x0000000001320000-0x0000000001638000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              3.1MB

                                                                                                                                              Download

                                                                                                                                            • memory/4144-4-0x0000000005220000-0x0000000005221000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/4144-1-0x0000000077EA4000-0x0000000077EA5000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/4144-2-0x0000000001320000-0x0000000001638000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              3.1MB

                                                                                                                                              Download

                                                                                                                                            • memory/4144-20-0x0000000001320000-0x0000000001638000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              3.1MB

                                                                                                                                              Download

                                                                                                                                            • memory/4144-3-0x0000000005210000-0x0000000005211000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/4144-12-0x0000000005250000-0x0000000005251000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/4144-10-0x0000000005260000-0x0000000005261000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/4144-5-0x0000000005200000-0x0000000005201000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/4144-7-0x00000000051E0000-0x00000000051E1000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/4144-9-0x0000000005230000-0x0000000005231000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/4144-8-0x00000000051F0000-0x00000000051F1000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/4144-6-0x0000000005240000-0x0000000005241000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              4KB

                                                                                                                                              Download

                                                                                                                                            • memory/4388-336-0x00000000000E0000-0x00000000003F8000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              3.1MB

                                                                                                                                              Download

                                                                                                                                            • memory/5144-600-0x0000000000400000-0x000000000063B000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              2.2MB

                                                                                                                                              Download

                                                                                                                                            • memory/5144-596-0x0000000000400000-0x000000000063B000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              2.2MB

                                                                                                                                              Download

                                                                                                                                            • memory/5144-710-0x0000000061E00000-0x0000000061EF3000-memory.dmp

                                                                                                                                              Filesize

                                                                                                                                              972KB

                                                                                                                                              Download