Analysis

  • max time kernel
    653s
  • max time network
    652s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14-08-2024 12:43

General

  • Target

    RiskPlatform.zip

  • Size

    270.6MB

  • MD5

    4338b4e47dfd10a794d62b8f0eaf5501

  • SHA1

    60ed574567fff35defb8bcd71b004565a9f69b06

  • SHA256

    29056c71459cc32452ab76136f8c79f206d8f3144ef8c6b83a4db8f531b90625

  • SHA512

    f3ee76ce5ea6335b4d9616af31de99d6d65487be641aa5517493aa2b346066a5798ea185539e1c59b8ba7b98b4d3474d37d705d49f2bb37fba19772da267e508

  • SSDEEP

    6291456:tRKbfZmOtdvMKEmOBajygGl2lSTX6im1jU0iKp7XWP9:tQ7v53EJBajyg2TXQVU0hGF

Malware Config

Extracted

Language
xlm4.0
Source

Signatures

  • Detects Strela Stealer payload 1 IoCs
  • Strela stealer

    An info stealer targeting mail credentials first seen in late 2022.

  • Checks computer location settings 2 TTPs 3 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

  • Executes dropped EXE 64 IoCs
  • Loads dropped DLL 64 IoCs
  • Blocklisted process makes network request 2 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Indicator Removal: File Deletion 1 TTPs

    Adversaries may delete files left behind by the actions of their intrusion activity.

  • Drops file in System32 directory 14 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 58 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks SCSI registry key(s) 3 TTPs 5 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 9 IoCs
  • Modifies Internet Explorer settings 1 TTPs 54 IoCs
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 32 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\RiskPlatform.zip
    1⤵
      PID:3572
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:4736
      • C:\Program Files\7-Zip\7zG.exe
        "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\AppData\Local\Temp\RiskPlatform\" -spe -an -ai#7zMap2989:104:7zEvent20915
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        PID:208
      • C:\Program Files\7-Zip\7zG.exe
        "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\AppData\Local\Temp\" -an -ai#7zMap30593:104:7zEvent11530
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        PID:2468
      • C:\Users\Admin\Desktop\RiskPlatform\RiskPlatform-cust-Setup (1).exe
        "C:\Users\Admin\Desktop\RiskPlatform\RiskPlatform-cust-Setup (1).exe"
        1⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1724
        • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\RiskPlatform-cust-Setup (1).exe
          "C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\RiskPlatform-cust-Setup (1).exe" /q"C:\Users\Admin\Desktop\RiskPlatform\RiskPlatform-cust-Setup (1).exe" /tempdisk1folder"C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}" /IS_temp
          2⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:728
          • C:\Windows\SysWOW64\MSIEXEC.EXE
            "C:\Windows\system32\MSIEXEC.EXE" /i "C:\Users\Admin\AppData\Local\Downloaded Installations\{4B0ACB22-5840-488D-86C1-47907D43E537}\RiskPlatform-Setup.msi" /l*v "C:\Users\Admin\AppData\Local\Temp\Risk Platform Installer.log" TRANSFORMS="C:\Users\Admin\AppData\Local\Downloaded Installations\{4B0ACB22-5840-488D-86C1-47907D43E537}\1033.MST" SETUPEXEDIR="C:\Users\Admin\Desktop\RiskPlatform" SETUPEXENAME="RiskPlatform-cust-Setup (1).exe" IS_RUNTIME_FILES_LOCATION="C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}"
            3⤵
            • Enumerates connected drives
            • System Location Discovery: System Language Discovery
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of FindShellTrayWindow
            PID:856
          • C:\Windows\SysWOW64\cmd.exe
            "C:\Windows\system32\cmd.exe" /c rmdir /s /q "C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}"
            3⤵
            • System Location Discovery: System Language Discovery
            PID:3264
      • C:\Windows\system32\msiexec.exe
        C:\Windows\system32\msiexec.exe /V
        1⤵
        • Enumerates connected drives
        • Drops file in System32 directory
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • Modifies Internet Explorer settings
        • Modifies data under HKEY_USERS
        • Modifies registry class
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:3792
        • C:\Windows\syswow64\MsiExec.exe
          C:\Windows\syswow64\MsiExec.exe -Embedding F7177D0386FC3EF5F310BF6BC79D8FF6 C
          2⤵
          • Loads dropped DLL
          • Blocklisted process makes network request
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:1452
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isBBDF.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isBBDF.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{EC02A368-B47F-400C-B3FE-71BD83834194}
            3⤵
            • Executes dropped EXE
            PID:1964
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isBBDF.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isBBDF.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C6734F2B-EC2D-4503-9B05-95375F2D0B75}
            3⤵
            • Executes dropped EXE
            PID:1860
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isBBDF.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isBBDF.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{BBC056ED-183C-43A9-B58A-62B52E2BFB32}
            3⤵
            • Executes dropped EXE
            PID:408
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isBBDF.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isBBDF.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{856FF686-12AF-4B79-BE37-2A4B266CC3AE}
            3⤵
            • Executes dropped EXE
            PID:2220
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isBBDF.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isBBDF.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0BC6A626-3DD0-47FF-A05D-66B8BC51A448}
            3⤵
            • Executes dropped EXE
            PID:1320
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isBBDF.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isBBDF.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{840F0119-DCC2-40C5-95AE-65A16221C794}
            3⤵
            • Executes dropped EXE
            PID:1976
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isBBDF.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isBBDF.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{867AA235-1F9F-40AF-A363-098873B5299D}
            3⤵
            • Executes dropped EXE
            PID:2120
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isBBDF.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isBBDF.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D88D827F-2E26-487D-BA6A-51E930C5CB14}
            3⤵
            • Executes dropped EXE
            PID:4396
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isBBDF.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isBBDF.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{23A0AEA2-CB21-49E9-BD8F-0B0C0CE8BF1D}
            3⤵
            • Executes dropped EXE
            PID:3168
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isBBDF.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isBBDF.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{82BA8108-3ED5-403F-9C14-238653521DE5}
            3⤵
            • Executes dropped EXE
            PID:2792
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isC343.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isC343.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{80338103-F543-4E01-B71A-E04F45F93DF2}
            3⤵
            • Executes dropped EXE
            PID:3036
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isC343.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isC343.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{1C4D9D2A-42E4-4FEB-843C-8EC89800ADD9}
            3⤵
            • Executes dropped EXE
            PID:3332
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isC343.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isC343.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{99430179-CCB8-46C4-BB27-ECC636E92468}
            3⤵
            • Executes dropped EXE
            PID:388
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isC343.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isC343.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{1689AD97-C766-470B-9974-91A241776F68}
            3⤵
            • Executes dropped EXE
            PID:5036
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isC343.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isC343.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0F2BA4C7-F738-42C1-AC47-09603D3B571B}
            3⤵
            • Executes dropped EXE
            PID:864
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isC343.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isC343.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3D8DFC44-8CBB-401B-B343-59838819C866}
            3⤵
            • Executes dropped EXE
            PID:2112
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isC343.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isC343.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{40E1F8B4-3DF1-448F-9E9B-AB5869A53AC5}
            3⤵
            • Executes dropped EXE
            PID:60
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isC343.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isC343.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{569B3F84-8120-4DD2-9436-80DD1DF2B6EA}
            3⤵
            • Executes dropped EXE
            PID:2036
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isC343.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isC343.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{895292D7-5EF9-4A9E-8896-E7ADE03DE681}
            3⤵
            • Executes dropped EXE
            PID:1212
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isC343.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isC343.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{1C0E6FEC-4081-4B99-8052-1C9EB09FB4F2}
            3⤵
            • Executes dropped EXE
            PID:3676
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isC6ED.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isC6ED.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8B07D7D8-514D-403D-B193-95514399564D}
            3⤵
            • Executes dropped EXE
            PID:2236
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isC6ED.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isC6ED.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C6F5D391-399B-4A99-AEFC-05AFA6622F90}
            3⤵
            • Executes dropped EXE
            PID:2476
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isC6ED.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isC6ED.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{85347A00-B566-4F2D-BAF5-3E6AA133FB5D}
            3⤵
            • Executes dropped EXE
            PID:748
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isC6ED.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isC6ED.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{633E17AF-39BA-4B80-865B-6A58A82CE1BD}
            3⤵
            • Executes dropped EXE
            PID:4552
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isC6ED.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isC6ED.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{EE25698A-A8AB-4C51-A21F-E998889C8913}
            3⤵
            • Executes dropped EXE
            PID:1928
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isC6ED.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isC6ED.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{028F4B73-C94E-4B83-AB51-A48001F83275}
            3⤵
            • Executes dropped EXE
            PID:5068
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isC6ED.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isC6ED.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{FC9C1DD1-CDE9-4C6B-8AB6-25854F55F739}
            3⤵
            • Executes dropped EXE
            PID:4556
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isC6ED.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isC6ED.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6969DF0D-09E0-40DC-BFF7-091AE2A58A0A}
            3⤵
            • Executes dropped EXE
            PID:4296
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isC6ED.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isC6ED.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{001376BE-FC22-4FAB-8A64-B34251AA881B}
            3⤵
            • Executes dropped EXE
            PID:4588
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isC6ED.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isC6ED.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7EE9A6D8-8995-4E4D-8BB2-C6CDD00C7C0B}
            3⤵
            • Executes dropped EXE
            PID:4828
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isCB15.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isCB15.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0A282B6D-B9B8-4BB2-A2F3-C56715A9EFB8}
            3⤵
            • Executes dropped EXE
            PID:2716
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isCB15.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isCB15.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{067AEEFE-5D6C-49B8-9C57-E06218FE22F4}
            3⤵
            • Executes dropped EXE
            PID:3212
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isCB15.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isCB15.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{68539B0B-F06F-4827-B28E-863F2B524E9F}
            3⤵
            • Executes dropped EXE
            PID:3188
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isCB15.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isCB15.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C4212138-4344-44CB-9515-FCCB4B933366}
            3⤵
            • Executes dropped EXE
            PID:5116
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isCB15.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isCB15.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{49D47F66-3C98-4FBD-96B9-D9041F274F36}
            3⤵
            • Executes dropped EXE
            PID:2268
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isCB15.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isCB15.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A4B24B32-3C8D-43EB-9833-3726BEA6D215}
            3⤵
            • Executes dropped EXE
            PID:552
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isCB15.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isCB15.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3105DBD8-73FF-40B4-8869-3DB178DBE5BE}
            3⤵
            • Executes dropped EXE
            PID:4968
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isCB15.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isCB15.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{2E9837DF-791D-4A86-9B4E-0EAD97C7EEDC}
            3⤵
            • Executes dropped EXE
            PID:1184
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isCB15.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isCB15.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E5D356A9-CF49-48D1-9F23-ED1ACD70A7C9}
            3⤵
            • Executes dropped EXE
            PID:5060
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isCB15.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isCB15.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{9C62617F-BF8D-43AB-94CB-A7E3DB76B32B}
            3⤵
            • Executes dropped EXE
            PID:2264
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isCE71.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isCE71.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6C84EB05-242E-4BCB-8EBC-98C0FA62D7F4}
            3⤵
            • Executes dropped EXE
            PID:4468
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isCE71.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isCE71.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{59627080-12D1-4A4B-BD1B-82F5E32B9A6C}
            3⤵
            • Executes dropped EXE
            PID:4840
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isCE71.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isCE71.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{EEA52284-143A-44B2-9674-4E1AF4B33426}
            3⤵
            • Executes dropped EXE
            PID:1048
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isCE71.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isCE71.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5EAAB128-0A08-4CA9-86CE-2190AC3D13FA}
            3⤵
            • Executes dropped EXE
            PID:1916
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isCE71.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isCE71.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{68205F04-25F8-4DC1-9B39-9A5B070B5C6F}
            3⤵
            • Executes dropped EXE
            PID:3508
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isCE71.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isCE71.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8F49F46E-1E3F-453F-94B8-EACE3E17F0D9}
            3⤵
            • Executes dropped EXE
            PID:2148
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isCE71.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isCE71.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F5EC4FDC-0BD2-4E72-A74C-D9E14A704C7D}
            3⤵
            • Executes dropped EXE
            PID:2676
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isCE71.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isCE71.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{4D0D3E09-624E-4D0F-A8F8-ACE2BED4FB11}
            3⤵
            • Executes dropped EXE
            PID:4224
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isCE71.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isCE71.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{086CABF4-4517-484A-83A0-F72E233F8AE5}
            3⤵
            • Executes dropped EXE
            PID:664
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isCE71.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isCE71.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{49341580-0F43-4F7A-9D94-8260FBC90900}
            3⤵
            • Executes dropped EXE
            PID:1568
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isD0B4.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isD0B4.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C627C1DC-133D-4EC1-8A47-293B66602B44}
            3⤵
            • Executes dropped EXE
            PID:2520
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isD0B4.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isD0B4.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3FCB1B89-E873-46FE-B633-C85460E81D31}
            3⤵
            • Executes dropped EXE
            PID:972
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isD0B4.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isD0B4.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C0F47653-F064-4EE7-A288-D8CFAC1940D5}
            3⤵
            • Executes dropped EXE
            PID:1968
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isD0B4.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isD0B4.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3328359A-C5D3-4296-AB64-CA5D0778680E}
            3⤵
            • Executes dropped EXE
            PID:2304
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isD0B4.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isD0B4.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F4C1DE4E-EEC0-484A-B6E9-A5CB0735D55D}
            3⤵
            • Executes dropped EXE
            PID:1384
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isD0B4.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isD0B4.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3D0F370B-2311-4EEF-8C1B-748725F52ED1}
            3⤵
            • Executes dropped EXE
            PID:3764
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isD0B4.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isD0B4.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A6E047DD-DE1D-4840-A184-B5E68C9D418E}
            3⤵
            • Executes dropped EXE
            PID:4132
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isD0B4.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isD0B4.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{9B00FECA-6CA0-4E85-8F40-2ECE05A26C7B}
            3⤵
            • Executes dropped EXE
            PID:4180
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isD0B4.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isD0B4.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{CC79DBB0-2D35-47D0-BE9F-41FE43401FA0}
            3⤵
            • Executes dropped EXE
            PID:2884
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isD0B4.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isD0B4.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F862AA76-1158-4EE3-A3FD-8D596217D848}
            3⤵
            • Executes dropped EXE
            PID:2468
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isD2E8.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isD2E8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{14625310-99F9-48B4-A696-1965D4E659B3}
            3⤵
            • Executes dropped EXE
            PID:2248
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isD2E8.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isD2E8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B07F04D1-EA9F-47EC-8EC5-388FF838ADCC}
            3⤵
            • Executes dropped EXE
            PID:1260
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isD2E8.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isD2E8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{86118E2F-74F6-4940-A4E1-619994161C50}
            3⤵
            • Executes dropped EXE
            PID:1164
          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isD2E8.exe
            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isD2E8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{01C8F81B-CCDA-41B2-A3B9-DF1777E241FD}
            3⤵
              PID:3852
            • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isD2E8.exe
              C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isD2E8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{21C5B2A1-AC3B-43EF-97C4-9B87CB2E4C94}
              3⤵
                PID:3536
              • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isD2E8.exe
                C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isD2E8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{60E6EDBF-F037-4BF6-B412-615E8556CC57}
                3⤵
                  PID:464
                • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isD2E8.exe
                  C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isD2E8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{4032A877-22CF-4C19-B66D-9976FD76A4A7}
                  3⤵
                    PID:2940
                  • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isD2E8.exe
                    C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isD2E8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{2294C6A7-DB33-459F-8DFD-DE14C715911D}
                    3⤵
                      PID:1064
                    • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isD2E8.exe
                      C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isD2E8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D7F9C297-4828-4305-A4EB-F75E4FC5FA13}
                      3⤵
                        PID:624
                      • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isD2E8.exe
                        C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isD2E8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{13354034-7DE8-479F-97AE-3A2460652C9F}
                        3⤵
                          PID:320
                        • C:\Users\Admin\Desktop\RiskPlatform\RiskPlatform-cust-Setup (1).exe
                          "C:\Users\Admin\Desktop\RiskPlatform\RiskPlatform-cust-Setup (1).exe" /embed"{271039C0-765B-46C0-B32F-504E387741D4}" /hide_splash /hide_progress /runprerequisites"Suite8,System,Common,DTS,Evolver,EvDocEN,EvDocES,EvExEN,EvExES,EvResources,EvXDK,GAC,NeuralTools,NTDoc,NTEx,NTExES,NTResources,NTXDK,PrecisionTree,PTDoc,PTEx,PTResources,PTXDK,RISK,RISKDocEN,RISKDocES,RISKExEN,RISKExES,RISKResources,RISKSys,RISKXDK,StatTools,STDocEN,STDocES,STExEN,STExES,STResources,SysResources,TopRank,TRDoc,TREx,TRResources,WinSys" /l1033 /v"TRANSFORMS=\"C:\Users\Admin\AppData\Local\Downloaded Installations\{4B0ACB22-5840-488D-86C1-47907D43E537}\1033.MST\""
                          3⤵
                          • System Location Discovery: System Language Discovery
                          • Suspicious use of SetWindowsHookEx
                          PID:4320
                          • C:\Users\Admin\AppData\Local\Temp\{0E75F32D-463B-491D-80B1-2858647E6109}\RiskPlatform-cust-Setup (1).exe
                            "C:\Users\Admin\AppData\Local\Temp\{0E75F32D-463B-491D-80B1-2858647E6109}\RiskPlatform-cust-Setup (1).exe" /q"C:\Users\Admin\Desktop\RiskPlatform\RiskPlatform-cust-Setup (1).exe" /tempdisk1folder"C:\Users\Admin\AppData\Local\Temp\{0E75F32D-463B-491D-80B1-2858647E6109}" /embed"{271039C0-765B-46C0-B32F-504E387741D4}" /hide_splash /hide_progress /runprerequisites"Suite8,System,Common,DTS,Evolver,EvDocEN,EvDocES,EvExEN,EvExES,EvResources,EvXDK,GAC,NeuralTools,NTDoc,NTEx,NTExES,NTResources,NTXDK,PrecisionTree,PTDoc,PTEx,PTResources,PTXDK,RISK,RISKDocEN,RISKDocES,RISKExEN,RISKExES,RISKResources,RISKSys,RISKXDK,StatTools,STDocEN,STDocES,STExEN,STExES,STResources,SysResources,TopRank,TRDoc,TREx,TRResources,WinSys" /l1033 /v"TRANSFORMS=\"C:\Users\Admin\AppData\Local\Downloaded Installations\{4B0ACB22-5840-488D-86C1-47907D43E537}\1033.MST\"" /eprq /IS_temp
                            4⤵
                            • System Location Discovery: System Language Discovery
                            • Suspicious use of SetWindowsHookEx
                            PID:2516
                            • C:\Windows\SysWOW64\cmd.exe
                              "C:\Windows\system32\cmd.exe" /c rmdir /s /q "C:\Users\Admin\AppData\Local\Temp\{0E75F32D-463B-491D-80B1-2858647E6109}"
                              5⤵
                              • System Location Discovery: System Language Discovery
                              PID:1524
                      • C:\Windows\system32\srtasks.exe
                        C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
                        2⤵
                          PID:1416
                        • C:\Windows\syswow64\MsiExec.exe
                          C:\Windows\syswow64\MsiExec.exe -Embedding BC03015D7FCC28CF7ACF7262CEB1DB46
                          2⤵
                          • Loads dropped DLL
                          • System Location Discovery: System Language Discovery
                          PID:1856
                          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is6CB1.exe
                            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is6CB1.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F03B710C-9E30-4133-973D-7E661DAA736A}
                            3⤵
                              PID:3288
                            • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is6CB1.exe
                              C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is6CB1.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B4D7D47A-5F67-4B0A-BA5C-C250A7AD2A5A}
                              3⤵
                                PID:4896
                              • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is6CB1.exe
                                C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is6CB1.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5E6FE42B-4E68-407A-90D0-269A8A8E442A}
                                3⤵
                                  PID:4540
                                • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is6CB1.exe
                                  C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is6CB1.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F54E3463-C9C0-4441-8B54-7FC904791A5F}
                                  3⤵
                                    PID:4248
                                  • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is6CB1.exe
                                    C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is6CB1.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{54D796E7-9F27-4817-859F-4653FC9E2BCB}
                                    3⤵
                                      PID:1100
                                    • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is6CB1.exe
                                      C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is6CB1.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{75903530-6C31-4F96-87DE-822AD086FC91}
                                      3⤵
                                        PID:2204
                                      • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is6CB1.exe
                                        C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is6CB1.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F04C3655-9CA1-4D0D-85EF-DD4FFD57457F}
                                        3⤵
                                          PID:1004
                                        • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is6CB1.exe
                                          C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is6CB1.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{747DB8FD-136C-4487-8808-200D9E1B7BD2}
                                          3⤵
                                            PID:4308
                                          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is6CB1.exe
                                            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is6CB1.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D0ACE10B-12A4-42EC-89A7-A5FD7A893B6F}
                                            3⤵
                                              PID:4488
                                            • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is6CB1.exe
                                              C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is6CB1.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{53638C01-0167-4C91-8734-43B4C8058FDC}
                                              3⤵
                                                PID:3616
                                              • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is70E8.exe
                                                C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is70E8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8555AF26-32BB-4467-89CA-7D2D27859DC1}
                                                3⤵
                                                  PID:1112
                                                • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is70E8.exe
                                                  C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is70E8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8F29646F-A332-4F3F-941F-BB315B6C926C}
                                                  3⤵
                                                    PID:2832
                                                  • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is70E8.exe
                                                    C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is70E8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{582C1338-E96B-4E32-9EEE-76D56561C1E8}
                                                    3⤵
                                                      PID:3496
                                                    • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is70E8.exe
                                                      C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is70E8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E4864150-B9EA-44C9-8416-6758013CD571}
                                                      3⤵
                                                        PID:3784
                                                      • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is70E8.exe
                                                        C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is70E8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{2FB33DBF-CC82-4D5B-BD06-B912C332DEA5}
                                                        3⤵
                                                          PID:4572
                                                        • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is70E8.exe
                                                          C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is70E8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D808A385-E072-459B-9FF6-0B1AC9AC3C78}
                                                          3⤵
                                                            PID:2344
                                                          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is70E8.exe
                                                            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is70E8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5476C6C3-EFFF-479C-A32F-833B23C8FFD6}
                                                            3⤵
                                                              PID:4664
                                                            • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is70E8.exe
                                                              C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is70E8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6BCDB3F9-15B5-4E8B-9E08-393247CD59A9}
                                                              3⤵
                                                                PID:4244
                                                              • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is70E8.exe
                                                                C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is70E8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{4F34CF7D-9EAC-4CFD-9FCD-11A8877D8528}
                                                                3⤵
                                                                  PID:1320
                                                                • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is70E8.exe
                                                                  C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is70E8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{240BA31E-0778-4BFF-8A6E-7E204C96542F}
                                                                  3⤵
                                                                    PID:4804
                                                                  • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is7696.exe
                                                                    C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is7696.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{4602526A-3DA1-4472-AA18-65A757428659}
                                                                    3⤵
                                                                      PID:1916
                                                                    • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is7696.exe
                                                                      C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is7696.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D89932CC-96E0-4C02-A347-BFEFDCE2FD48}
                                                                      3⤵
                                                                        PID:2616
                                                                      • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is7696.exe
                                                                        C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is7696.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{884B83C1-673D-427D-8227-0A273735BD52}
                                                                        3⤵
                                                                          PID:904
                                                                        • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is7696.exe
                                                                          C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is7696.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{86B0F3F2-F742-42F5-B312-D7A480A842AF}
                                                                          3⤵
                                                                            PID:2516
                                                                          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is7696.exe
                                                                            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is7696.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6B9D2BAC-1ADE-4642-A87D-063140218A04}
                                                                            3⤵
                                                                              PID:4800
                                                                            • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is7696.exe
                                                                              C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is7696.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{462161F4-8B88-4DED-8CAD-8A92CB19E335}
                                                                              3⤵
                                                                                PID:1520
                                                                              • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is7696.exe
                                                                                C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is7696.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{18D06507-6662-443C-9C06-5DFB067A24C9}
                                                                                3⤵
                                                                                  PID:5020
                                                                                • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is7696.exe
                                                                                  C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is7696.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{BBB09EE1-09B1-45DA-BD7C-AC1F016A7368}
                                                                                  3⤵
                                                                                    PID:2188
                                                                                  • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is7696.exe
                                                                                    C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is7696.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D17C7FE5-C73B-4111-A094-CC901C8DF330}
                                                                                    3⤵
                                                                                      PID:4372
                                                                                    • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is7696.exe
                                                                                      C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is7696.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C677571B-8FD6-47C1-8D97-48B9B852226A}
                                                                                      3⤵
                                                                                        PID:928
                                                                                      • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is7937.exe
                                                                                        C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is7937.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{DCD4B7AF-9237-4121-BC94-51DFC3C5A842}
                                                                                        3⤵
                                                                                          PID:876
                                                                                        • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is7937.exe
                                                                                          C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is7937.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{DFBC4E50-1DEC-426C-8A91-E0809464CD78}
                                                                                          3⤵
                                                                                            PID:540
                                                                                          • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is7937.exe
                                                                                            C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is7937.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{CE9A32A5-6652-4C3B-A7ED-1C915E0BB125}
                                                                                            3⤵
                                                                                              PID:4552
                                                                                            • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is7937.exe
                                                                                              C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is7937.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{FD4E96FC-79F0-4C83-A3EC-CA7B644C0BBF}
                                                                                              3⤵
                                                                                                PID:4924
                                                                                              • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is7937.exe
                                                                                                C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is7937.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E1B3566F-38CC-486A-A326-76D451A63E4C}
                                                                                                3⤵
                                                                                                  PID:3272
                                                                                                • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is7937.exe
                                                                                                  C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is7937.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{884E8F24-6B69-462E-A87C-6B28AD5BA73A}
                                                                                                  3⤵
                                                                                                    PID:2052
                                                                                                  • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is7937.exe
                                                                                                    C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is7937.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B37BDED1-D934-4758-9BCF-2F7B5CF32615}
                                                                                                    3⤵
                                                                                                      PID:1064
                                                                                                    • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is7937.exe
                                                                                                      C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is7937.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{CCA9C30F-7281-4285-83A6-8BE50DF8DDEF}
                                                                                                      3⤵
                                                                                                        PID:4548
                                                                                                      • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is7937.exe
                                                                                                        C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is7937.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{4CDED6AF-9DE4-43B5-B792-59886CE82FF8}
                                                                                                        3⤵
                                                                                                          PID:5084
                                                                                                        • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is7937.exe
                                                                                                          C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_is7937.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{41774611-CA4F-4858-802F-01D56AEB57F0}
                                                                                                          3⤵
                                                                                                            PID:3264
                                                                                                          • C:\Users\Admin\AppData\Local\Temp\{187F2E97-0AE0-414F-8087-84C7BE092716}\_isE6C8.exe
                                                                                                            C:\Users\Admin\AppData\Local\Temp\{187F2E97-0AE0-414F-8087-84C7BE092716}\_isE6C8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5B36D8C0-8E0E-4A73-B8D6-7C2C96FD78FC}
                                                                                                            3⤵
                                                                                                              PID:4104
                                                                                                            • C:\Users\Admin\AppData\Local\Temp\{187F2E97-0AE0-414F-8087-84C7BE092716}\_isE6C8.exe
                                                                                                              C:\Users\Admin\AppData\Local\Temp\{187F2E97-0AE0-414F-8087-84C7BE092716}\_isE6C8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{05299ABB-28F0-4E32-9F09-778921A5FAA0}
                                                                                                              3⤵
                                                                                                                PID:2092
                                                                                                              • C:\Users\Admin\AppData\Local\Temp\{187F2E97-0AE0-414F-8087-84C7BE092716}\_isE6C8.exe
                                                                                                                C:\Users\Admin\AppData\Local\Temp\{187F2E97-0AE0-414F-8087-84C7BE092716}\_isE6C8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5D77E10D-7D7C-4147-95CD-3F0420A5F49D}
                                                                                                                3⤵
                                                                                                                  PID:1484
                                                                                                                • C:\Users\Admin\AppData\Local\Temp\{187F2E97-0AE0-414F-8087-84C7BE092716}\_isE6C8.exe
                                                                                                                  C:\Users\Admin\AppData\Local\Temp\{187F2E97-0AE0-414F-8087-84C7BE092716}\_isE6C8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6818371A-4252-47A2-B237-22105CF1CB60}
                                                                                                                  3⤵
                                                                                                                    PID:4800
                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\{187F2E97-0AE0-414F-8087-84C7BE092716}\_isE6C8.exe
                                                                                                                    C:\Users\Admin\AppData\Local\Temp\{187F2E97-0AE0-414F-8087-84C7BE092716}\_isE6C8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{887B427A-E0E2-447D-B61B-86A350C4BB30}
                                                                                                                    3⤵
                                                                                                                      PID:1180
                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\{187F2E97-0AE0-414F-8087-84C7BE092716}\_isE6C8.exe
                                                                                                                      C:\Users\Admin\AppData\Local\Temp\{187F2E97-0AE0-414F-8087-84C7BE092716}\_isE6C8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{FBC61DC5-9BC8-4A3C-8E56-75071B5CB34F}
                                                                                                                      3⤵
                                                                                                                        PID:1000
                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\{187F2E97-0AE0-414F-8087-84C7BE092716}\_isE6C8.exe
                                                                                                                        C:\Users\Admin\AppData\Local\Temp\{187F2E97-0AE0-414F-8087-84C7BE092716}\_isE6C8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B0835A4F-B16E-4C71-9716-CD08B7E47611}
                                                                                                                        3⤵
                                                                                                                          PID:4744
                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\{187F2E97-0AE0-414F-8087-84C7BE092716}\_isE6C8.exe
                                                                                                                          C:\Users\Admin\AppData\Local\Temp\{187F2E97-0AE0-414F-8087-84C7BE092716}\_isE6C8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6337747D-4CAB-4CCF-99FC-4630CE9EA12C}
                                                                                                                          3⤵
                                                                                                                            PID:4212
                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\{187F2E97-0AE0-414F-8087-84C7BE092716}\_isE6C8.exe
                                                                                                                            C:\Users\Admin\AppData\Local\Temp\{187F2E97-0AE0-414F-8087-84C7BE092716}\_isE6C8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D025D15A-713C-44B2-AFA2-2BCD3FCC0E66}
                                                                                                                            3⤵
                                                                                                                              PID:2452
                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\{187F2E97-0AE0-414F-8087-84C7BE092716}\_isE6C8.exe
                                                                                                                              C:\Users\Admin\AppData\Local\Temp\{187F2E97-0AE0-414F-8087-84C7BE092716}\_isE6C8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7C1B124F-6BE1-49A4-A98A-50AC8D97570A}
                                                                                                                              3⤵
                                                                                                                                PID:3468
                                                                                                                            • C:\Windows\syswow64\MsiExec.exe
                                                                                                                              C:\Windows\syswow64\MsiExec.exe -Embedding 55231C3A49914D794F5B4D77FCA63515 E Global\MSI0000
                                                                                                                              2⤵
                                                                                                                              • Loads dropped DLL
                                                                                                                              • Blocklisted process makes network request
                                                                                                                              • Drops file in System32 directory
                                                                                                                              • Drops file in Program Files directory
                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                              • Modifies Internet Explorer settings
                                                                                                                              • Modifies data under HKEY_USERS
                                                                                                                              • Modifies registry class
                                                                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                                                                              PID:4428
                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\{3C31685D-2062-4A57-99E5-1A2AB562CBC7}\_is82F8.exe
                                                                                                                                C:\Users\Admin\AppData\Local\Temp\{3C31685D-2062-4A57-99E5-1A2AB562CBC7}\_is82F8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B645EF9F-9578-47D0-AACC-BD6232719170}
                                                                                                                                3⤵
                                                                                                                                  PID:428
                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\{3C31685D-2062-4A57-99E5-1A2AB562CBC7}\_is82F8.exe
                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\{3C31685D-2062-4A57-99E5-1A2AB562CBC7}\_is82F8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6AFF7510-46BC-459D-843D-2921C03A4A6E}
                                                                                                                                  3⤵
                                                                                                                                    PID:2420
                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\{3C31685D-2062-4A57-99E5-1A2AB562CBC7}\_is82F8.exe
                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\{3C31685D-2062-4A57-99E5-1A2AB562CBC7}\_is82F8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{CB3ADFAE-BF26-4586-AEB4-CDD0EC9A4CCB}
                                                                                                                                    3⤵
                                                                                                                                      PID:892
                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\{3C31685D-2062-4A57-99E5-1A2AB562CBC7}\_is82F8.exe
                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\{3C31685D-2062-4A57-99E5-1A2AB562CBC7}\_is82F8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B2084AB2-3114-44D8-806E-6AE33FCA7A2A}
                                                                                                                                      3⤵
                                                                                                                                        PID:404
                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\{3C31685D-2062-4A57-99E5-1A2AB562CBC7}\_is82F8.exe
                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\{3C31685D-2062-4A57-99E5-1A2AB562CBC7}\_is82F8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5BFB580B-49F4-4D02-A4A0-CFF99669481C}
                                                                                                                                        3⤵
                                                                                                                                          PID:3148
                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\{3C31685D-2062-4A57-99E5-1A2AB562CBC7}\_is82F8.exe
                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\{3C31685D-2062-4A57-99E5-1A2AB562CBC7}\_is82F8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{1C530ED2-7C15-41A8-8CC7-B6D994B14321}
                                                                                                                                          3⤵
                                                                                                                                            PID:5060
                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\{3C31685D-2062-4A57-99E5-1A2AB562CBC7}\_is82F8.exe
                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\{3C31685D-2062-4A57-99E5-1A2AB562CBC7}\_is82F8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{103D2A1A-8075-4421-8DA3-F5516EECAC9E}
                                                                                                                                            3⤵
                                                                                                                                              PID:4948
                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\{3C31685D-2062-4A57-99E5-1A2AB562CBC7}\_is82F8.exe
                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\{3C31685D-2062-4A57-99E5-1A2AB562CBC7}\_is82F8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{4EA2FABE-35E8-4C1B-8EE4-433AC7783C1E}
                                                                                                                                              3⤵
                                                                                                                                                PID:2916
                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\{3C31685D-2062-4A57-99E5-1A2AB562CBC7}\_is82F8.exe
                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\{3C31685D-2062-4A57-99E5-1A2AB562CBC7}\_is82F8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{96554FE6-999D-4053-AD2E-AE554DA64D5A}
                                                                                                                                                3⤵
                                                                                                                                                  PID:3380
                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\{3C31685D-2062-4A57-99E5-1A2AB562CBC7}\_is82F8.exe
                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\{3C31685D-2062-4A57-99E5-1A2AB562CBC7}\_is82F8.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{EED50A27-1932-4E5D-818C-6026ADA473CD}
                                                                                                                                                  3⤵
                                                                                                                                                    PID:532
                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\{6B82176D-6536-46B5-B91F-CD805BEBF3B1}\_is9F3B.exe
                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\{6B82176D-6536-46B5-B91F-CD805BEBF3B1}\_is9F3B.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B7CDF027-8186-40A7-B485-753C3909ED2F}
                                                                                                                                                    3⤵
                                                                                                                                                      PID:1704
                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\{6B82176D-6536-46B5-B91F-CD805BEBF3B1}\_is9F3B.exe
                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\{6B82176D-6536-46B5-B91F-CD805BEBF3B1}\_is9F3B.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{79E8E965-8B88-453C-A719-97282F317418}
                                                                                                                                                      3⤵
                                                                                                                                                        PID:3508
                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\{6B82176D-6536-46B5-B91F-CD805BEBF3B1}\_is9F3B.exe
                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\{6B82176D-6536-46B5-B91F-CD805BEBF3B1}\_is9F3B.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{9D2BF48F-2066-4625-9529-A554ACD95078}
                                                                                                                                                        3⤵
                                                                                                                                                          PID:4368
                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\{6B82176D-6536-46B5-B91F-CD805BEBF3B1}\_is9F3B.exe
                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\{6B82176D-6536-46B5-B91F-CD805BEBF3B1}\_is9F3B.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{EDFBFA88-BD16-490B-B4C5-DAF62967A504}
                                                                                                                                                          3⤵
                                                                                                                                                            PID:4204
                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\{6B82176D-6536-46B5-B91F-CD805BEBF3B1}\_is9F3B.exe
                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\{6B82176D-6536-46B5-B91F-CD805BEBF3B1}\_is9F3B.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{2FEC85ED-4FE1-4D7E-A221-CBF187BDC504}
                                                                                                                                                            3⤵
                                                                                                                                                              PID:1580
                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\{6B82176D-6536-46B5-B91F-CD805BEBF3B1}\_is9F3B.exe
                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\{6B82176D-6536-46B5-B91F-CD805BEBF3B1}\_is9F3B.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{1E112199-CF23-4D2E-88BA-D35216AC95D9}
                                                                                                                                                              3⤵
                                                                                                                                                                PID:2516
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\{6B82176D-6536-46B5-B91F-CD805BEBF3B1}\_is9F3B.exe
                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\{6B82176D-6536-46B5-B91F-CD805BEBF3B1}\_is9F3B.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E24C3DE3-7E19-4527-8D86-CBAACFAE6BC4}
                                                                                                                                                                3⤵
                                                                                                                                                                  PID:5004
                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\{6B82176D-6536-46B5-B91F-CD805BEBF3B1}\_is9F3B.exe
                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\{6B82176D-6536-46B5-B91F-CD805BEBF3B1}\_is9F3B.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{ED80B76B-0B38-4238-A372-A494A8F1967A}
                                                                                                                                                                  3⤵
                                                                                                                                                                    PID:5020
                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\{6B82176D-6536-46B5-B91F-CD805BEBF3B1}\_is9F3B.exe
                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\{6B82176D-6536-46B5-B91F-CD805BEBF3B1}\_is9F3B.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0D32D201-8538-428C-963D-2ED4E5A8E3C3}
                                                                                                                                                                    3⤵
                                                                                                                                                                      PID:3904
                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\{6B82176D-6536-46B5-B91F-CD805BEBF3B1}\_is9F3B.exe
                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\{6B82176D-6536-46B5-B91F-CD805BEBF3B1}\_is9F3B.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{9A89784D-6D53-4AFE-9D6E-5E977829C8D2}
                                                                                                                                                                      3⤵
                                                                                                                                                                        PID:4372
                                                                                                                                                                      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Palisade\System\Palisade.Evolver.Manager8.dll" /codebase
                                                                                                                                                                        3⤵
                                                                                                                                                                        • Loads dropped DLL
                                                                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                                                                        PID:3684
                                                                                                                                                                      • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                                                                                                                        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Palisade\System\Palisade.Evolver.Manager8.dll" /codebase
                                                                                                                                                                        3⤵
                                                                                                                                                                        • Modifies data under HKEY_USERS
                                                                                                                                                                        PID:2924
                                                                                                                                                                      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Palisade\System\Palisade.Evolver.XDK8.dll" /codebase
                                                                                                                                                                        3⤵
                                                                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                                                                        • Modifies data under HKEY_USERS
                                                                                                                                                                        • Modifies registry class
                                                                                                                                                                        PID:464
                                                                                                                                                                      • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                                                                                                                        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Palisade\System\Palisade.Evolver.XDK8.dll" /codebase
                                                                                                                                                                        3⤵
                                                                                                                                                                          PID:4248
                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                          C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Palisade\System\Palisade.Evolver.Testing8.dll" /codebase
                                                                                                                                                                          3⤵
                                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                                          • Modifies data under HKEY_USERS
                                                                                                                                                                          PID:2212
                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                                                                                                                          C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Palisade\System\Palisade.Evolver.Testing8.dll" /codebase
                                                                                                                                                                          3⤵
                                                                                                                                                                          • Modifies data under HKEY_USERS
                                                                                                                                                                          PID:3188
                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                          C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Palisade\System\Palisade.Risk.Main8.dll" /codebase
                                                                                                                                                                          3⤵
                                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                                          • Modifies data under HKEY_USERS
                                                                                                                                                                          PID:1504
                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                                                                                                                          C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Palisade\System\Palisade.Risk.Main8.dll" /codebase
                                                                                                                                                                          3⤵
                                                                                                                                                                          • Modifies data under HKEY_USERS
                                                                                                                                                                          PID:4672
                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                          C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Palisade\System\Palisade.Risk.Manager8.dll" /codebase
                                                                                                                                                                          3⤵
                                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                                          • Modifies data under HKEY_USERS
                                                                                                                                                                          PID:2916
                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                                                                                                                          C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Palisade\System\Palisade.Risk.Manager8.dll" /codebase
                                                                                                                                                                          3⤵
                                                                                                                                                                          • Modifies data under HKEY_USERS
                                                                                                                                                                          PID:8
                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                          C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Palisade\System\Palisade.Risk.Progress8.dll" /codebase
                                                                                                                                                                          3⤵
                                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                                          • Modifies data under HKEY_USERS
                                                                                                                                                                          PID:4452
                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                                                                                                                          C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Palisade\System\Palisade.Risk.Progress8.dll" /codebase
                                                                                                                                                                          3⤵
                                                                                                                                                                          • Modifies registry class
                                                                                                                                                                          PID:972
                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                          C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Palisade\System\Palisade.Risk.XDK8.dll" /codebase
                                                                                                                                                                          3⤵
                                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                                          • Modifies data under HKEY_USERS
                                                                                                                                                                          • Modifies registry class
                                                                                                                                                                          PID:372
                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                                                                                                                          C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Palisade\System\Palisade.Risk.XDK8.dll" /codebase
                                                                                                                                                                          3⤵
                                                                                                                                                                          • Modifies data under HKEY_USERS
                                                                                                                                                                          • Modifies registry class
                                                                                                                                                                          PID:2372
                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                          C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Palisade\System\Palisade.NeuralTools.Main8.dll" /codebase
                                                                                                                                                                          3⤵
                                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                                          PID:1652
                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                                                                                                                          C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Palisade\System\Palisade.NeuralTools.Main8.dll" /codebase
                                                                                                                                                                          3⤵
                                                                                                                                                                          • Modifies data under HKEY_USERS
                                                                                                                                                                          PID:1316
                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                          C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Palisade\System\Palisade.StatTools.Main8.dll" /codebase
                                                                                                                                                                          3⤵
                                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                                          • Modifies data under HKEY_USERS
                                                                                                                                                                          PID:2936
                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                                                                                                                          C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Palisade\System\Palisade.StatTools.Main8.dll" /codebase
                                                                                                                                                                          3⤵
                                                                                                                                                                          • Modifies data under HKEY_USERS
                                                                                                                                                                          PID:1640
                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                          C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Palisade\System\Palisade.Risk.Testing8.dll" /codebase
                                                                                                                                                                          3⤵
                                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                                          • Modifies data under HKEY_USERS
                                                                                                                                                                          PID:3760
                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                                                                                                                          C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Palisade\System\Palisade.Risk.Testing8.dll" /codebase
                                                                                                                                                                          3⤵
                                                                                                                                                                          • Modifies data under HKEY_USERS
                                                                                                                                                                          PID:4952
                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                          C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Palisade\System\Palisade.PrecisionTree.Main8.dll" /codebase
                                                                                                                                                                          3⤵
                                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                                          • Modifies data under HKEY_USERS
                                                                                                                                                                          PID:2460
                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                                                                                                                          C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Palisade\System\Palisade.PrecisionTree.Main8.dll" /codebase
                                                                                                                                                                          3⤵
                                                                                                                                                                          • Modifies data under HKEY_USERS
                                                                                                                                                                          PID:1036
                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                          C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Palisade\System\Palisade.DT.XLUtil8.dll" /codebase
                                                                                                                                                                          3⤵
                                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                                          • Modifies data under HKEY_USERS
                                                                                                                                                                          PID:4072
                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                                                                                                                          C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Palisade\System\Palisade.DT.XLUtil8.dll" /codebase
                                                                                                                                                                          3⤵
                                                                                                                                                                          • Modifies data under HKEY_USERS
                                                                                                                                                                          PID:3320
                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                          C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Palisade\System\Palisade.EvolverVB6.Main8.dll" /codebase
                                                                                                                                                                          3⤵
                                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                                          • Modifies data under HKEY_USERS
                                                                                                                                                                          PID:4372
                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                                                                                                                          C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Palisade\System\Palisade.EvolverVB6.Main8.dll" /codebase
                                                                                                                                                                          3⤵
                                                                                                                                                                          • Modifies data under HKEY_USERS
                                                                                                                                                                          PID:3852
                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                          C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Palisade\System\Palisade.TopRank.Main8.dll" /codebase
                                                                                                                                                                          3⤵
                                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                                          • Modifies data under HKEY_USERS
                                                                                                                                                                          PID:1004
                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                                                                                                                          C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Palisade\System\Palisade.TopRank.Main8.dll" /codebase
                                                                                                                                                                          3⤵
                                                                                                                                                                          • Modifies data under HKEY_USERS
                                                                                                                                                                          PID:3244
                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                          C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Palisade\System\Palisade.DT.Graphing8.dll" /codebase /tlb
                                                                                                                                                                          3⤵
                                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                                          • Modifies data under HKEY_USERS
                                                                                                                                                                          • Modifies registry class
                                                                                                                                                                          PID:4296
                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                                                                                                                          C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Palisade\System\Palisade.DT.Graphing8.dll" /codebase /tlb
                                                                                                                                                                          3⤵
                                                                                                                                                                          • Modifies registry class
                                                                                                                                                                          PID:4968
                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                          C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Palisade\System\Palisade.DT.Core8.dll" /codebase /tlb
                                                                                                                                                                          3⤵
                                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                                          • Modifies data under HKEY_USERS
                                                                                                                                                                          PID:1280
                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                                                                                                                          C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Palisade\System\Palisade.DT.Core8.dll" /codebase /tlb
                                                                                                                                                                          3⤵
                                                                                                                                                                          • Drops file in Program Files directory
                                                                                                                                                                          • Modifies data under HKEY_USERS
                                                                                                                                                                          PID:2220
                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                          C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Palisade\System\Palisade.DT.Licensing8.dll" /codebase /tlb
                                                                                                                                                                          3⤵
                                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                                          PID:1872
                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                                                                                                                          C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Palisade\System\Palisade.DT.Licensing8.dll" /codebase /tlb
                                                                                                                                                                          3⤵
                                                                                                                                                                          • Drops file in Program Files directory
                                                                                                                                                                          • Modifies data under HKEY_USERS
                                                                                                                                                                          PID:4568
                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                          C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Palisade\System\Palisade.DT.NeuralNets8.dll" /codebase /tlb
                                                                                                                                                                          3⤵
                                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                                          • Modifies data under HKEY_USERS
                                                                                                                                                                          • Modifies registry class
                                                                                                                                                                          PID:1416
                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                                                                                                                          C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Palisade\System\Palisade.DT.NeuralNets8.dll" /codebase /tlb
                                                                                                                                                                          3⤵
                                                                                                                                                                          • Modifies data under HKEY_USERS
                                                                                                                                                                          PID:3352
                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                          C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Palisade\System\OptQuest\6.6.1.16\ComOptQuest.dll" /u
                                                                                                                                                                          3⤵
                                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                                          PID:4868
                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                          C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Palisade\System\OptQuest\6.6.1.16\ComOptQuest.dll" /codebase /tlb: ComOptQuest6.6.1.16.tlb
                                                                                                                                                                          3⤵
                                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                                          • Modifies data under HKEY_USERS
                                                                                                                                                                          PID:3988
                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                                                                                                                          C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Palisade\System\OptQuest\6.6.1.16\ComOptQuest.dll" /u
                                                                                                                                                                          3⤵
                                                                                                                                                                            PID:3616
                                                                                                                                                                          • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
                                                                                                                                                                            C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe "C:\Program Files (x86)\Palisade\System\OptQuest\6.6.1.16\ComOptQuest.dll" /codebase /tlb: ComOptQuest6.6.1.16.tlb
                                                                                                                                                                            3⤵
                                                                                                                                                                            • Modifies data under HKEY_USERS
                                                                                                                                                                            PID:4444
                                                                                                                                                                          • C:\Program Files (x86)\Palisade\System\PalGraph8Server.exe
                                                                                                                                                                            "C:\Program Files (x86)\Palisade\System\PalGraph8Server.exe" /REGSERVER
                                                                                                                                                                            3⤵
                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                            • Modifies registry class
                                                                                                                                                                            PID:2264
                                                                                                                                                                          • C:\Program Files (x86)\Palisade\TopRank8\TopRankOutOfProcessServer.exe
                                                                                                                                                                            "C:\Program Files (x86)\Palisade\TopRank8\TopRankOutOfProcessServer.exe" /REGSERVER
                                                                                                                                                                            3⤵
                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                            PID:1020
                                                                                                                                                                          • C:\Program Files (x86)\Palisade\TopRank8\TopRankProgress.exe
                                                                                                                                                                            "C:\Program Files (x86)\Palisade\TopRank8\TopRankProgress.exe" /REGSERVER
                                                                                                                                                                            3⤵
                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                            PID:3532
                                                                                                                                                                          • C:\Program Files (x86)\Palisade\NeuralTools8\NeuralToolsOutOfProcessServer8.exe
                                                                                                                                                                            "C:\Program Files (x86)\Palisade\NeuralTools8\NeuralToolsOutOfProcessServer8.exe" /REGSERVER
                                                                                                                                                                            3⤵
                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                            PID:552
                                                                                                                                                                          • C:\Program Files (x86)\Palisade\Evolver8\EvolverOutOfProcessServer8.exe
                                                                                                                                                                            "C:\Program Files (x86)\Palisade\Evolver8\EvolverOutOfProcessServer8.exe" /REGSERVER
                                                                                                                                                                            3⤵
                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                            • Modifies registry class
                                                                                                                                                                            PID:4612
                                                                                                                                                                          • C:\Program Files (x86)\Palisade\Evolver8\EvolverWatcher.exe
                                                                                                                                                                            "C:\Program Files (x86)\Palisade\Evolver8\EvolverWatcher.exe" /REGSERVER
                                                                                                                                                                            3⤵
                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                            PID:3712
                                                                                                                                                                          • C:\Program Files (x86)\Palisade\NeuralTools8\PalNTSvr8.exe
                                                                                                                                                                            "C:\Program Files (x86)\Palisade\NeuralTools8\PalNTSvr8.exe" /REGSERVER
                                                                                                                                                                            3⤵
                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                            • Modifies registry class
                                                                                                                                                                            PID:4860
                                                                                                                                                                          • C:\Program Files (x86)\Palisade\StatTools8\StatToolsOutOfProcessServer8.exe
                                                                                                                                                                            "C:\Program Files (x86)\Palisade\StatTools8\StatToolsOutOfProcessServer8.exe" /regserver
                                                                                                                                                                            3⤵
                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                            PID:3672
                                                                                                                                                                          • C:\Program Files (x86)\Palisade\NeuralTools8\PalNTSvr8.exe
                                                                                                                                                                            "C:\Program Files (x86)\Palisade\NeuralTools8\PalNTSvr8.exe" /regserver
                                                                                                                                                                            3⤵
                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                            PID:404
                                                                                                                                                                          • C:\Program Files (x86)\Palisade\NeuralTools8\NeuralToolsOutOfProcessServer8.exe
                                                                                                                                                                            "C:\Program Files (x86)\Palisade\NeuralTools8\NeuralToolsOutOfProcessServer8.exe" /regserver
                                                                                                                                                                            3⤵
                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                            PID:5036
                                                                                                                                                                          • C:\Program Files (x86)\Palisade\TopRank8\TopRankProgress.exe
                                                                                                                                                                            "C:\Program Files (x86)\Palisade\TopRank8\TopRankProgress.exe" /regserver
                                                                                                                                                                            3⤵
                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                            PID:2004
                                                                                                                                                                          • C:\Program Files (x86)\Palisade\TopRank8\TopRankOutOfProcessServer.exe
                                                                                                                                                                            "C:\Program Files (x86)\Palisade\TopRank8\TopRankOutOfProcessServer.exe" /regserver
                                                                                                                                                                            3⤵
                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                            PID:1864
                                                                                                                                                                          • C:\Program Files (x86)\Palisade\PrecisionTree8\PtreeOutOfProcessServer.exe
                                                                                                                                                                            "C:\Program Files (x86)\Palisade\PrecisionTree8\PtreeOutOfProcessServer.exe" /regserver
                                                                                                                                                                            3⤵
                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                            • Modifies registry class
                                                                                                                                                                            PID:5020
                                                                                                                                                                          • C:\Program Files (x86)\Palisade\System\PalGraph8Server.exe
                                                                                                                                                                            "C:\Program Files (x86)\Palisade\System\PalGraph8Server.exe" /regserver
                                                                                                                                                                            3⤵
                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                            • Modifies registry class
                                                                                                                                                                            PID:2184
                                                                                                                                                                          • C:\Program Files (x86)\Palisade\Evolver8\EvolverWatcher.exe
                                                                                                                                                                            "C:\Program Files (x86)\Palisade\Evolver8\EvolverWatcher.exe" /regserver
                                                                                                                                                                            3⤵
                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                            PID:3764
                                                                                                                                                                          • C:\Program Files (x86)\Palisade\Evolver8\EvolverOutOfProcessServer8.exe
                                                                                                                                                                            "C:\Program Files (x86)\Palisade\Evolver8\EvolverOutOfProcessServer8.exe" /regserver
                                                                                                                                                                            3⤵
                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                            PID:1672
                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\{572B1280-BCAB-4175-B37B-14C3AA57A797}\_isDAAF.exe
                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\{572B1280-BCAB-4175-B37B-14C3AA57A797}\_isDAAF.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D39CF9E8-F5C3-4424-9567-07CB5A010F24}
                                                                                                                                                                            3⤵
                                                                                                                                                                              PID:3228
                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\{572B1280-BCAB-4175-B37B-14C3AA57A797}\_isDAAF.exe
                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\{572B1280-BCAB-4175-B37B-14C3AA57A797}\_isDAAF.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{28E3BDA2-1C44-4A1F-9714-6A0FC72F8CA2}
                                                                                                                                                                              3⤵
                                                                                                                                                                                PID:1596
                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\{572B1280-BCAB-4175-B37B-14C3AA57A797}\_isDAAF.exe
                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\{572B1280-BCAB-4175-B37B-14C3AA57A797}\_isDAAF.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8DB92B99-00B1-4E98-B293-49AF80C6BBAD}
                                                                                                                                                                                3⤵
                                                                                                                                                                                  PID:4464
                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\{572B1280-BCAB-4175-B37B-14C3AA57A797}\_isDAAF.exe
                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\{572B1280-BCAB-4175-B37B-14C3AA57A797}\_isDAAF.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{2EAC9375-9467-44DB-8DF7-EBADB93541E1}
                                                                                                                                                                                  3⤵
                                                                                                                                                                                    PID:4392
                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\{572B1280-BCAB-4175-B37B-14C3AA57A797}\_isDAAF.exe
                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\{572B1280-BCAB-4175-B37B-14C3AA57A797}\_isDAAF.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3CE83FA5-40BC-4F87-99E0-377728C61D65}
                                                                                                                                                                                    3⤵
                                                                                                                                                                                      PID:1112
                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\{572B1280-BCAB-4175-B37B-14C3AA57A797}\_isDAAF.exe
                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\{572B1280-BCAB-4175-B37B-14C3AA57A797}\_isDAAF.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{AAFFE39B-BE5B-4DF9-AED2-2F24EF191132}
                                                                                                                                                                                      3⤵
                                                                                                                                                                                        PID:1920
                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\{572B1280-BCAB-4175-B37B-14C3AA57A797}\_isDAAF.exe
                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\{572B1280-BCAB-4175-B37B-14C3AA57A797}\_isDAAF.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{DB4DEB7D-963F-4D07-BA76-49491E1CD225}
                                                                                                                                                                                        3⤵
                                                                                                                                                                                          PID:892
                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\{572B1280-BCAB-4175-B37B-14C3AA57A797}\_isDAAF.exe
                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\{572B1280-BCAB-4175-B37B-14C3AA57A797}\_isDAAF.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6FC432CC-A607-48F3-9F2E-16FB6781C982}
                                                                                                                                                                                          3⤵
                                                                                                                                                                                            PID:3900
                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\{572B1280-BCAB-4175-B37B-14C3AA57A797}\_isDAAF.exe
                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\{572B1280-BCAB-4175-B37B-14C3AA57A797}\_isDAAF.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{9385489F-24C0-49E1-8871-C2961F139397}
                                                                                                                                                                                            3⤵
                                                                                                                                                                                              PID:2464
                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\{572B1280-BCAB-4175-B37B-14C3AA57A797}\_isDAAF.exe
                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\{572B1280-BCAB-4175-B37B-14C3AA57A797}\_isDAAF.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{009D64C9-E911-4271-928E-23B3635D0755}
                                                                                                                                                                                              3⤵
                                                                                                                                                                                                PID:4232
                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\{6BDD6E4F-276E-4BA4-B494-7F12674F5DF5}\_isDE88.exe
                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\{6BDD6E4F-276E-4BA4-B494-7F12674F5DF5}\_isDE88.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{705B7349-24A7-4991-BD88-1D9BB401C333}
                                                                                                                                                                                                3⤵
                                                                                                                                                                                                  PID:1252
                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\{6BDD6E4F-276E-4BA4-B494-7F12674F5DF5}\_isDE88.exe
                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\{6BDD6E4F-276E-4BA4-B494-7F12674F5DF5}\_isDE88.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E6BE3591-E5C5-4446-815B-40B94E30B911}
                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                    PID:4596
                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\{6BDD6E4F-276E-4BA4-B494-7F12674F5DF5}\_isDE88.exe
                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\{6BDD6E4F-276E-4BA4-B494-7F12674F5DF5}\_isDE88.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{DF86A027-6E4A-4D22-8C4E-2971C74B88E1}
                                                                                                                                                                                                    3⤵
                                                                                                                                                                                                      PID:4300
                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\{6BDD6E4F-276E-4BA4-B494-7F12674F5DF5}\_isDE88.exe
                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\{6BDD6E4F-276E-4BA4-B494-7F12674F5DF5}\_isDE88.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{42F79127-95AC-400A-A761-F5895B642BFC}
                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                        PID:3764
                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\{6BDD6E4F-276E-4BA4-B494-7F12674F5DF5}\_isDE88.exe
                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\{6BDD6E4F-276E-4BA4-B494-7F12674F5DF5}\_isDE88.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A70AFEC9-25EB-47CB-8DF6-9A296B1373E7}
                                                                                                                                                                                                        3⤵
                                                                                                                                                                                                          PID:2476
                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\{6BDD6E4F-276E-4BA4-B494-7F12674F5DF5}\_isDE88.exe
                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\{6BDD6E4F-276E-4BA4-B494-7F12674F5DF5}\_isDE88.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E7ECBEF9-2C7E-4A54-A85B-E84E724B8965}
                                                                                                                                                                                                          3⤵
                                                                                                                                                                                                            PID:3496
                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\{6BDD6E4F-276E-4BA4-B494-7F12674F5DF5}\_isDE88.exe
                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\{6BDD6E4F-276E-4BA4-B494-7F12674F5DF5}\_isDE88.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7D190956-7349-4076-85B9-A303F298CCBB}
                                                                                                                                                                                                            3⤵
                                                                                                                                                                                                              PID:4552
                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\{6BDD6E4F-276E-4BA4-B494-7F12674F5DF5}\_isDE88.exe
                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\{6BDD6E4F-276E-4BA4-B494-7F12674F5DF5}\_isDE88.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0E4DE9DA-974B-48B7-90F9-D2C22EA9E76A}
                                                                                                                                                                                                              3⤵
                                                                                                                                                                                                                PID:4000
                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\{6BDD6E4F-276E-4BA4-B494-7F12674F5DF5}\_isDE88.exe
                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\{6BDD6E4F-276E-4BA4-B494-7F12674F5DF5}\_isDE88.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E503C6E8-0FE4-4B86-8397-B7EC309206B5}
                                                                                                                                                                                                                3⤵
                                                                                                                                                                                                                  PID:4948
                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\{6BDD6E4F-276E-4BA4-B494-7F12674F5DF5}\_isDE88.exe
                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\{6BDD6E4F-276E-4BA4-B494-7F12674F5DF5}\_isDE88.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{9361FF1B-169F-4E98-A6D5-69D2B0BCC8A0}
                                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                                    PID:1100
                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\{47641A19-5B4E-497C-8C72-35EDDB104DEB}\_isE224.exe
                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\{47641A19-5B4E-497C-8C72-35EDDB104DEB}\_isE224.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{1D970723-3F29-4C07-8CE5-BF947EF18364}
                                                                                                                                                                                                                    3⤵
                                                                                                                                                                                                                      PID:2092
                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\{47641A19-5B4E-497C-8C72-35EDDB104DEB}\_isE224.exe
                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\{47641A19-5B4E-497C-8C72-35EDDB104DEB}\_isE224.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C9D2A936-63F2-40BE-B367-C3C9C8F693D1}
                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                        PID:1484
                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\{47641A19-5B4E-497C-8C72-35EDDB104DEB}\_isE224.exe
                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\{47641A19-5B4E-497C-8C72-35EDDB104DEB}\_isE224.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F32F2DE2-CC3A-4A4B-A9D5-6CF2772413D5}
                                                                                                                                                                                                                        3⤵
                                                                                                                                                                                                                          PID:116
                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\{47641A19-5B4E-497C-8C72-35EDDB104DEB}\_isE224.exe
                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\{47641A19-5B4E-497C-8C72-35EDDB104DEB}\_isE224.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{69E6C720-05E5-4070-8BCB-5C801B00CD35}
                                                                                                                                                                                                                          3⤵
                                                                                                                                                                                                                            PID:2988
                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\{47641A19-5B4E-497C-8C72-35EDDB104DEB}\_isE224.exe
                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\{47641A19-5B4E-497C-8C72-35EDDB104DEB}\_isE224.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C1BAAF9E-7058-4102-B064-AAA594516B19}
                                                                                                                                                                                                                            3⤵
                                                                                                                                                                                                                              PID:2656
                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\{47641A19-5B4E-497C-8C72-35EDDB104DEB}\_isE224.exe
                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\{47641A19-5B4E-497C-8C72-35EDDB104DEB}\_isE224.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{2119C46E-5499-4F51-898C-5FC727988A61}
                                                                                                                                                                                                                              3⤵
                                                                                                                                                                                                                                PID:2344
                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\{47641A19-5B4E-497C-8C72-35EDDB104DEB}\_isE224.exe
                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\{47641A19-5B4E-497C-8C72-35EDDB104DEB}\_isE224.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{00030869-4597-48BE-BF5C-7E1B4598C34F}
                                                                                                                                                                                                                                3⤵
                                                                                                                                                                                                                                  PID:904
                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\{47641A19-5B4E-497C-8C72-35EDDB104DEB}\_isE224.exe
                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\{47641A19-5B4E-497C-8C72-35EDDB104DEB}\_isE224.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{95E2F86C-E894-45B2-8E18-4628D886017D}
                                                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                                                    PID:2136
                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\{47641A19-5B4E-497C-8C72-35EDDB104DEB}\_isE224.exe
                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\{47641A19-5B4E-497C-8C72-35EDDB104DEB}\_isE224.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{68CCEAA9-CCFA-4518-91F8-AB4151A43642}
                                                                                                                                                                                                                                    3⤵
                                                                                                                                                                                                                                      PID:1252
                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\{47641A19-5B4E-497C-8C72-35EDDB104DEB}\_isE224.exe
                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\{47641A19-5B4E-497C-8C72-35EDDB104DEB}\_isE224.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C74BB05A-2605-40BD-9D3A-E54DEE1E7CF2}
                                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                                        PID:4596
                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\{CE09112A-3FD7-4A7D-8163-97DC7520D189}\_isE3DB.exe
                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\{CE09112A-3FD7-4A7D-8163-97DC7520D189}\_isE3DB.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{DF624999-FB3B-4609-823D-7A7D4475CE71}
                                                                                                                                                                                                                                        3⤵
                                                                                                                                                                                                                                          PID:4380
                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\{CE09112A-3FD7-4A7D-8163-97DC7520D189}\_isE3DB.exe
                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\{CE09112A-3FD7-4A7D-8163-97DC7520D189}\_isE3DB.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{34D8B236-9DCC-4D99-B81A-144D1782B281}
                                                                                                                                                                                                                                          3⤵
                                                                                                                                                                                                                                            PID:4552
                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\{CE09112A-3FD7-4A7D-8163-97DC7520D189}\_isE3DB.exe
                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\{CE09112A-3FD7-4A7D-8163-97DC7520D189}\_isE3DB.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{1F6EEC61-E458-4DC6-AFB3-B2317175C024}
                                                                                                                                                                                                                                            3⤵
                                                                                                                                                                                                                                              PID:4000
                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\{CE09112A-3FD7-4A7D-8163-97DC7520D189}\_isE3DB.exe
                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\{CE09112A-3FD7-4A7D-8163-97DC7520D189}\_isE3DB.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{82A95484-87C8-413B-A759-E0E09FE53CF5}
                                                                                                                                                                                                                                              3⤵
                                                                                                                                                                                                                                                PID:4948
                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\{CE09112A-3FD7-4A7D-8163-97DC7520D189}\_isE3DB.exe
                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\{CE09112A-3FD7-4A7D-8163-97DC7520D189}\_isE3DB.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A0D391EE-D232-48C9-AE9E-1BBD8E66B0CA}
                                                                                                                                                                                                                                                3⤵
                                                                                                                                                                                                                                                  PID:1464
                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\{CE09112A-3FD7-4A7D-8163-97DC7520D189}\_isE3DB.exe
                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\{CE09112A-3FD7-4A7D-8163-97DC7520D189}\_isE3DB.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{51F65BF2-E6D8-4055-89EE-771BB89BF149}
                                                                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                                                                    PID:4976
                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\{CE09112A-3FD7-4A7D-8163-97DC7520D189}\_isE3DB.exe
                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\{CE09112A-3FD7-4A7D-8163-97DC7520D189}\_isE3DB.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{953B5D21-2482-458B-82F3-CAD1C18C9FA6}
                                                                                                                                                                                                                                                    3⤵
                                                                                                                                                                                                                                                      PID:4556
                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\{CE09112A-3FD7-4A7D-8163-97DC7520D189}\_isE3DB.exe
                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\{CE09112A-3FD7-4A7D-8163-97DC7520D189}\_isE3DB.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6FB03BE1-5536-4BA6-97C9-3B7CE651BF3C}
                                                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                                                        PID:4816
                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\{CE09112A-3FD7-4A7D-8163-97DC7520D189}\_isE3DB.exe
                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\{CE09112A-3FD7-4A7D-8163-97DC7520D189}\_isE3DB.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C4ECE292-3011-4791-B09B-2471327AE068}
                                                                                                                                                                                                                                                        3⤵
                                                                                                                                                                                                                                                          PID:892
                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\{CE09112A-3FD7-4A7D-8163-97DC7520D189}\_isE3DB.exe
                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\{CE09112A-3FD7-4A7D-8163-97DC7520D189}\_isE3DB.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3401F6C6-1D9D-4331-B1C9-C2175B14AC08}
                                                                                                                                                                                                                                                          3⤵
                                                                                                                                                                                                                                                            PID:3900
                                                                                                                                                                                                                                                          • C:\Program Files (x86)\Palisade\System\PalFlexServer8.exe
                                                                                                                                                                                                                                                            "C:\Program Files (x86)\Palisade\System\PalFlexServer8.exe" -Server -Installer
                                                                                                                                                                                                                                                            3⤵
                                                                                                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                            PID:2976
                                                                                                                                                                                                                                                        • C:\Windows\syswow64\MsiExec.exe
                                                                                                                                                                                                                                                          "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Windows\SysWOW64\RICHTX32.OCX"
                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                          PID:4744
                                                                                                                                                                                                                                                      • C:\Windows\system32\vssvc.exe
                                                                                                                                                                                                                                                        C:\Windows\system32\vssvc.exe
                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                        • Checks SCSI registry key(s)
                                                                                                                                                                                                                                                        PID:2768
                                                                                                                                                                                                                                                      • C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
                                                                                                                                                                                                                                                        "C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe"
                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                        PID:2000
                                                                                                                                                                                                                                                      • C:\Program Files (x86)\Palisade\System\Palisade.PrecisionTree.Launcher.exe
                                                                                                                                                                                                                                                        "C:\Program Files (x86)\Palisade\System\Palisade.PrecisionTree.Launcher.exe"
                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                        • Checks computer location settings
                                                                                                                                                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                        PID:2792
                                                                                                                                                                                                                                                        • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
                                                                                                                                                                                                                                                          "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"
                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                          • Checks processor information in registry
                                                                                                                                                                                                                                                          • Enumerates system info in registry
                                                                                                                                                                                                                                                          • Suspicious behavior: AddClipboardFormatListener
                                                                                                                                                                                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                          PID:2916
                                                                                                                                                                                                                                                          • C:\Program Files (x86)\Palisade\System\PalFlexServer8.exe
                                                                                                                                                                                                                                                            "C:\Program Files (x86)\Palisade\System\PalFlexServer8.exe" -Server
                                                                                                                                                                                                                                                            3⤵
                                                                                                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                            PID:940
                                                                                                                                                                                                                                                      • C:\Program Files (x86)\Palisade\PrecisionTree8\PtreeOutOfProcessServer.exe
                                                                                                                                                                                                                                                        "C:\Program Files (x86)\Palisade\PrecisionTree8\PtreeOutOfProcessServer.exe" -Embedding
                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                        • Checks computer location settings
                                                                                                                                                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                        PID:4380
                                                                                                                                                                                                                                                        • C:\Program Files (x86)\Palisade\System\Palisade.DT.SoftwareUpdater8.exe
                                                                                                                                                                                                                                                          "C:\Program Files (x86)\Palisade\System\Palisade.DT.SoftwareUpdater8.exe" 3 3 8.6.1 21 8.7.0 365 False 8/8/2024 1 https://update2.palisade.com/updates/?pid=1400-i-8000-r&devid=0 -1 False False 0 132060 9
                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                          PID:3080
                                                                                                                                                                                                                                                      • C:\Program Files (x86)\Palisade\System\Palisade.Risk.Launcher.exe
                                                                                                                                                                                                                                                        "C:\Program Files (x86)\Palisade\System\Palisade.Risk.Launcher.exe"
                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                        • Checks computer location settings
                                                                                                                                                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                        PID:624
                                                                                                                                                                                                                                                        • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
                                                                                                                                                                                                                                                          "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"
                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                          • Checks processor information in registry
                                                                                                                                                                                                                                                          • Enumerates system info in registry
                                                                                                                                                                                                                                                          • Modifies Internet Explorer settings
                                                                                                                                                                                                                                                          • Suspicious behavior: AddClipboardFormatListener
                                                                                                                                                                                                                                                          • Suspicious behavior: GetForegroundWindowSpam
                                                                                                                                                                                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                          PID:2316
                                                                                                                                                                                                                                                          • C:\Program Files (x86)\Palisade\System\PalFlexServer8.exe
                                                                                                                                                                                                                                                            "C:\Program Files (x86)\Palisade\System\PalFlexServer8.exe" -Server
                                                                                                                                                                                                                                                            3⤵
                                                                                                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                            PID:1796
                                                                                                                                                                                                                                                          • C:\Program Files (x86)\Palisade\System\Palisade.Risk.ProgressProcess8.exe
                                                                                                                                                                                                                                                            "C:\Program Files (x86)\Palisade\System\Palisade.Risk.ProgressProcess8.exe" -2147483648
                                                                                                                                                                                                                                                            3⤵
                                                                                                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                            PID:4556
                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                              C:\Windows\SysWOW64\WerFault.exe -u -p 4556 -s 1560
                                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                                              • Program crash
                                                                                                                                                                                                                                                              PID:5920
                                                                                                                                                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://help.palisade.com/v8_6/en/Guides/@RISK-Getting-Started-Guide.pdf
                                                                                                                                                                                                                                                            3⤵
                                                                                                                                                                                                                                                            • Enumerates system info in registry
                                                                                                                                                                                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                                                                                                            • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                                                                                                                                                                                                            • Suspicious use of FindShellTrayWindow
                                                                                                                                                                                                                                                            • Suspicious use of SendNotifyMessage
                                                                                                                                                                                                                                                            PID:4248
                                                                                                                                                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7ff9c0c646f8,0x7ff9c0c64708,0x7ff9c0c64718
                                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                                                PID:2184
                                                                                                                                                                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,14691379153677733008,11878536667755775541,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
                                                                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                                                                  PID:2036
                                                                                                                                                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,14691379153677733008,11878536667755775541,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
                                                                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                                                                                                                  PID:2520
                                                                                                                                                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,14691379153677733008,11878536667755775541,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
                                                                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                                                                    PID:3888
                                                                                                                                                                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14691379153677733008,11878536667755775541,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
                                                                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                                                                      PID:5004
                                                                                                                                                                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14691379153677733008,11878536667755775541,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
                                                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                                                        PID:2468
                                                                                                                                                                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14691379153677733008,11878536667755775541,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
                                                                                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                                                                                          PID:4052
                                                                                                                                                                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=2124,14691379153677733008,11878536667755775541,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=5224 /prefetch:6
                                                                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                                                                            PID:224
                                                                                                                                                                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                                                                                                                                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,14691379153677733008,11878536667755775541,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:8
                                                                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                                                                              PID:3248
                                                                                                                                                                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                                                                                                                                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,14691379153677733008,11878536667755775541,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:8
                                                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                                                                                                                              PID:2372
                                                                                                                                                                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14691379153677733008,11878536667755775541,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
                                                                                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                                                                                PID:5292
                                                                                                                                                                                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14691379153677733008,11878536667755775541,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
                                                                                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                                                                                  PID:5300
                                                                                                                                                                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14691379153677733008,11878536667755775541,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
                                                                                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                                                                                    PID:5464
                                                                                                                                                                                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,14691379153677733008,11878536667755775541,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
                                                                                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                                                                                      PID:5472
                                                                                                                                                                                                                                                                                  • C:\Program Files (x86)\Palisade\System\Palisade.DT.SoftwareUpdater8.exe
                                                                                                                                                                                                                                                                                    "C:\Program Files (x86)\Palisade\System\Palisade.DT.SoftwareUpdater8.exe" 0 3 8.6.1 21 8.7.0 365 False 8/8/2024 1 https://update2.palisade.com/updates/?pid=1400-i-8000-r&devid=0 -1 False True 0 263124 9
                                                                                                                                                                                                                                                                                    3⤵
                                                                                                                                                                                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                    PID:4232
                                                                                                                                                                                                                                                                              • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                                                                                                                                                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                                                                  PID:2792
                                                                                                                                                                                                                                                                                • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                                                                                                                                                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                                    PID:1596
                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4556 -ip 4556
                                                                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                                                                      PID:2884
                                                                                                                                                                                                                                                                                    • C:\Windows\explorer.exe
                                                                                                                                                                                                                                                                                      C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                      • Modifies Internet Explorer settings
                                                                                                                                                                                                                                                                                      • Suspicious behavior: AddClipboardFormatListener
                                                                                                                                                                                                                                                                                      • Suspicious behavior: GetForegroundWindowSpam
                                                                                                                                                                                                                                                                                      • Suspicious use of FindShellTrayWindow
                                                                                                                                                                                                                                                                                      PID:3732
                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\DllHost.exe
                                                                                                                                                                                                                                                                                      C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
                                                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                      PID:4376

                                                                                                                                                                                                                                                                                    Network

                                                                                                                                                                                                                                                                                    MITRE ATT&CK Enterprise v15

                                                                                                                                                                                                                                                                                    Replay Monitor

                                                                                                                                                                                                                                                                                    Loading Replay Monitor...

                                                                                                                                                                                                                                                                                    Downloads

                                                                                                                                                                                                                                                                                    • C:\Config.Msi\e5b6b3c.rbs

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      460KB

                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                      fa45b632e47b25285afd64eae0862555

                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                      af46d56cfa568105c289f1d3e82abf5e1bfb2373

                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                      e061d48993688989d341d43610a14c6d098b742153a118ad70947f501bb89a1f

                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                      55c166d534f8739aecccdff7300b2454dda6ae80a44c50351d56ccf99fb376dfb2319ef09ed7703066a76ce243ab24eb095777753896aee71721c6e369747f2c

                                                                                                                                                                                                                                                                                    • C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\fnp_registrations.xml

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      340B

                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                      fc26eb1a48777464babd0325ee2bc13c

                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                      36bb308af0215a04318f3026301cb70a33590032

                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                      f443a0cca74e71fc190928e2923baf493a9175daeffa94a709bb916610d4b220

                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                      c7eb1773e14cd59e6d608b1ff830136c371ee952d5f3a9b96def35163e1f1ead92fb93f86ca9f346ca2eab2c54caaf7e9c9f54449c96b36c12334b9cc3272cc2

                                                                                                                                                                                                                                                                                    • C:\Program Files (x86)\Palisade\PrecisionTree8\PtreeOutOfProcessServer.exe.manifest

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      380B

                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                      913e6e083fe41536ded2c046ebfa7ab9

                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                      d9ea56d2f480605351d441a203ef078aa2664e9b

                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                      2febd04c771562610e3a71050392265015b904ea0ae9a8d1f243cd708a196e6a

                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                      4e8749cd661dc5710d676952078cddcbf7cc498fc7eea67fe3651829f6e4989f53a1441fd3cc6d6af61e6240cf8c06868990b15161521c279b7ce6140ded0cba

                                                                                                                                                                                                                                                                                    • C:\Program Files (x86)\Palisade\System\PalE63D.tmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      405B

                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                      066ac70d36c8366513498d5bd1affeeb

                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                      c4cf43b1ace6d981c1a6250445ccde4c3c266e51

                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                      1d785931bbd20c2a606f3994fa6dfd4e73d531683573cf35d103f1e636ee3f71

                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                      3c9f37e589ca851133b3d99a62665c1006ea48b6c81b396cd66514ad6c18397ffe14738094194ee026b284517fdcbf5bf48b65d9ca22f088b7cbced486cc43a6

                                                                                                                                                                                                                                                                                    • C:\Program Files (x86)\Palisade\System\Palisade.Evolver.Launcher.exe

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      111KB

                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                      c92997d1d8a43006a95138be1030c011

                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                      4d04428eecce6fe7faad36d7eb430c0ba55861e2

                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                      7f459caee68b81703d3c6bde87d3d50524606b89c8afcbde89ed9ef2eea8a0c3

                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                      c092e93955821e78322a69292ceffabfe1cf4ac1ade23202e1abc098f918504d80c1f12c1bbe7a9eab6b30b5736756504af8d8ccb751e55bea03c21a93fec224

                                                                                                                                                                                                                                                                                    • C:\Program Files (x86)\Palisade\System\Palisade.NeuralTools.Launcher.exe

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      111KB

                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                      1cb660ce4f4c53255c36f48c92f9727f

                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                      40368a284b4bb09796c23d54e9ea72e594887704

                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                      da42ca8f52eac1de8d82aef49bd737139118ea9a9e3863ae63e30d2a2ad5df4c

                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                      3e8509525784c0257b8b58c8789e9453841e0413dffd0f61e6968c0a9083d320b45bdb12700ec7812131f6d0ceed4fe10ed9892f24fd0dacb03edfdd0094030e

                                                                                                                                                                                                                                                                                    • C:\Program Files (x86)\Palisade\System\Palisade.PrecisionTree.Launcher.exe

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      111KB

                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                      45a1cbbe06f78a07d758e30a59d3f1e7

                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                      d4cb4f1758e4bc1889d01469635c862901a2132d

                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                      fe43a49aec222d42fb4b14d1bd6ae22fbae09b9ff1245f882b621a901e696cde

                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                      3b713f9a7b4458355d3b71be2201b7a5375ec86a0a637dd0bd0fea81d7ab7ed0be0daebfc04ed217a80373957382623b3310909ba1a99f4e07956e33c5ac97e9

                                                                                                                                                                                                                                                                                    • C:\Program Files (x86)\Palisade\System\Palisade.Risk.Launcher.exe

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      111KB

                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                      e6bbe91df1d0d3e295e3df8b70b62c6c

                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                      3b76c7095c037bebd9385a385df70809ec62b7f2

                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                      2cb5963b40092ca6c7507b5eb4feabaf36119da7ef32513478442e9ea057de80

                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                      6f44dfcbebf138108c9d76ade55f9c803fd190bde98d83ba7a4a8629435db6a38d2133dee48513ebbedaa4a457200e40f57050048f58c10a14f29531a3718229

                                                                                                                                                                                                                                                                                    • C:\Program Files (x86)\Palisade\System\Palisade.StatTools.Launcher.exe

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      111KB

                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                      e5179888e05ef9860c23dc5124e379d6

                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                      8c0a08117a19efd8602eb16b2a47f935026487de

                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                      c92549f2888378f270d95269a866199238f4fce32ac5445cc96e70963e33b062

                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                      3437ceed9473a826ee0190c528daa8e9595a5ac56a7dcbf0489ff940a09e11db55ee09ea479063c2b8b3b039b55b06c3a43b6933b9191e2fb1cf08b440c11c1d

                                                                                                                                                                                                                                                                                    • C:\Program Files (x86)\Palisade\System\Palisade.TopRank.Launcher.exe

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      111KB

                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                      2f90ac665b9bd329daab06afa397f913

                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                      fa8d60ed4345fbaaf8abc3f49499c701afde95b4

                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                      a85404c8446939060318417b1f51808b728dea752f9652d7749213c2097a4b07

                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                      be3a220c850a7bdf4244bfc9fe0f7c4cba471472ce96f9f752f7f7dadc2cb1bfb9ff59ddedb52ac00fb61529d3502676100a2ede2cccb04b890d54bedff7220e

                                                                                                                                                                                                                                                                                    • C:\ProgramData\LexConf\data_D3C4F66AC5DAAC424CF7BFD1B3B3AB7B1B48CB5AE1247E213FD87838EA9A21E3.conf_temp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      3KB

                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                      594ffeefb97d912c0930bde3ac82843e

                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                      c5588b10465e44f6c21080ee4d23fed04ccc1dbd

                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                      7fea1170df22413d0b64735b3697a9d679a7671489ec1b406559d4441071f65a

                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                      28a9779490c8ec6cb9e8d11fc25663fabbf2d8d503b8bdeabc5700f7492cec261568df072370a0e144030e63a3d1155268c276f1e21fe06c3e2701fd5a8d90f6

                                                                                                                                                                                                                                                                                    • C:\ProgramData\LexConf\data_D3C4F66AC5DAAC424CF7BFD1B3B3AB7B1B48CB5AE1247E213FD87838EA9A21E3.conf_temp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      4KB

                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                      a361f6acc23e0bae5d0bd58fa8f940d4

                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                      c77dd99626f8c762e8220ed6a70396536ea43ea4

                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                      fc7b9b54e6115929b6e450cda1d3ae733712d3f08f0ee3bba3a51d7d71ac1e93

                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                      de023aafe7947172730b0849328829669d80a89b1b7846a1aa5528e32338c696485c786e5d3135b0b2121980e81260d45e38972c7c7e795247a07df44e3e5ed8

                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Downloaded Installations\{4B0ACB22-5840-488D-86C1-47907D43E537}\1033.MST

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      20KB

                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                      224488ca46d31d75ec1273c18c86c2b8

                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                      9b4fed8c4fc1ae2177dcdc1d7cc299f2db13a658

                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                      b37d63916ed99404f2b1222e8030cdafdd78c00511ac269aac1531aeb0235e28

                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                      118fe0337e1c96d6a1ee472f0c6f0862e09c946f4f721c5cbbc9911bf34391b61fb566974562f5a1725f8f47863d3d27e839112b68dfc21dd7eea9e19055e767

                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      152B

                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                      38f59a47b777f2fc52088e96ffb2baaf

                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                      267224482588b41a96d813f6d9e9d924867062db

                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                      13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                      4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      152B

                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                      ab8ce148cb7d44f709fb1c460d03e1b0

                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                      44d15744015155f3e74580c93317e12d2cc0f859

                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                      014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                      f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      185B

                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                      b9be130fb80dc98ef072621c6b71dd51

                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                      a106366a39b407e277ae6315919b0eb351dd11aa

                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                      21de0dc58c8c397205017dc4045088277ba37976e57704529f941b7afb8f455f

                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                      85a7d59882d7437f312200108f532f17f4d9a11aff8729ce9b0fd1483f2edbd2d2c7a5384e2e496982c7689cd664ad98e0fab30faf3809b2ea3ff7de4dfedb93

                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      6KB

                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                      4c59e8172ad864c9bb570556b99df249

                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                      0d11793f2e7dba010750a7eabecce4c17e22083c

                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                      deded9f2da39ab2fde97d1a735a6e69df2e4991e4ff1ad3f4e61eaa972ae0525

                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                      5ee5634c329b2966eca0d06df87d1adb1208e2c905b92455c1d0d1f743b56f8f11b2c9cef36d8aca900aa0670cded75a1a21061561cbf9de8d6d81af4eddb143

                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      7KB

                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                      6feab0e0d5b5696016d8e389fc54cd1d

                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                      8543613d1985403d86675529269be007f10a6449

                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                      be7f24673ce5f49032b31df3e83445bb3ba036264771c5b153d0b5dbe5ff2235

                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                      c5161124012fdbca84a187e53c79a237851fb28131b622705b18557d6a11bfde180a3273a36121f9d96f46cbcd0e04d4f75aa894412bfe4f5fc110775860f622

                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      6KB

                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                      2d180cf7bbb030c7ce2385dca9270d27

                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                      137f4581b70964ae60f2183f66f6bf8cf0b73ccc

                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                      ee4a6315d2b70b820bee15699fdd9208b834160d3e48595e4703d79f6b7109fe

                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                      efe979bd126bae881fdbabfc988d57d1e816f547c1d60c49eeaec008d455a9712a079b1f4e09ab40bda2e2442f2f2e7bd3167e736ee81ba0410e1a1fca9f4a4c

                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      16B

                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                      6752a1d65b201c13b62ea44016eb221f

                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                      58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                      0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                      9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      12KB

                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                      461a2901551542d13d761588ac6b0464

                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                      39aadec66ddb211328472340713f253637c52624

                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                      d499b5fbae498bb0045351426b8187e52ee771159a278faf05522e139761b495

                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                      4ac2c0107635923da8444c225ff154b0557b9b39260c489a327e68a857537864f491f80a2969697b2ddc47507fd5582ae950462446d78cf7e8b37411ec543ae0

                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      11KB

                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                      3510cb3ddeb322623c682cf7ec5d9862

                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                      85fcaf9cd624274b5372dda095499f1e20144896

                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                      a668b82d83a64b77ba1da891ef507a43d3f3f5190b12dad8b9794e06d006dfd2

                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                      ab9881706f5ee6907148af0946285c28eedf6ecd4e037dcddbc95057a4dcabe231f50695d4eb3c68558ccbfea966c16148f81d23c86bd3e538ebb11e1725698c

                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\5B4ADF6B.tmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      68KB

                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                      32ec7afdf202de5b634318edc602ad15

                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                      56d8b59b7a07ee2cafda0dffc564f3e2065580e7

                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                      66ab97db98446da4b4d441ca26e16ea13988774b4800999b3653d2360f14da08

                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                      117742502ca227d06a82378d7fcdc41b8d90138fb09aa8dfebac8ef6835e1bb5e78da9f0c4550d9025a00367be8ddd0fc96d65a37eb8967e27809541f60eb43d

                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\MSIB8C2.tmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      832KB

                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                      913b6675436bf50376f6a56a396e18d2

                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                      d3298e7c8165bdb6e175031e028f5a146bda7806

                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                      74248f11d83559298aef0396f1d44e3f55f02dfef82c8a3b0678138d65989fd7

                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                      281c47b4cd23481312b783e591a575d73697f7f4063800513227bcf1730da0e81789662a64f9746512f9782084105d5a6a7b60728ffbc502e306c82c9f99e166

                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\MSIC23A.tmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      649KB

                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                      a3eb9f540bde891d9d2e28fb901a1d5e

                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                      16cf52a5ff4197e060a4e980e11704351c6f9206

                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                      97143ba76bd65c8dee43da06ad1063741a97fc64efd3788e1257cf9d80e827f1

                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                      7e3b6a5f3a55c306d210d3012d668bf4aacc5e1e63e5e1d6cf752a622d16167f1fd205cf87ddd65af0a3631e233791a3206983d9c24f7a19fe9f75bf355d31d0

                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\PalDtools8.log

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      1KB

                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                      86661dbdae2c3cf02983c9180a9872a6

                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                      2807d8594f1143436bef51ed9488de475437304b

                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                      48d49a5386cf4c5d0aa28c0082a9301dfca52a93c137c1294ed41792d007f94d

                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                      589db43fb9e7d889648f7a1a90c7985c8ae2974c668b198f7eeb363888979efdc1f1fd9579c491f361449724e247326db4944774c0ba65dd6be12cf5f6e32f1a

                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\PalDtools8.log

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      3KB

                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                      6de7f441d4361338679776373cd43f03

                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                      e07aea31a8c6f9470d6f646b9de6ef994f958b2b

                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                      d629a3c2647a388259ca1306f6948dff11b71800e740d32c94e3faf36227193c

                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                      10195b2319413d757f17f5ab41d8c8746c5a3ecacdf0eeab4ff963dbfccc9aa5ae2dca738f8a54aaaac038f3bf403f7779c362c0ee78d8b784f53dd43da990f3

                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\PalDtools8.log

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      4KB

                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                      ebb045dcda1ba652019d3b1aeb290c02

                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                      ffbea6ba1a65610bc948aa069b8f77b4536ccf63

                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                      f02e4bcd9ab4aeba69f17ef23bed04c28a91dc7a72cc250e86769a4c9a8d7538

                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                      f69d42bbc0161af78e9c1fada0ef17133642478c28e2ac7a967708f13f8dc28b80f329895738befb8d6a4b3e5ca7a682dca2b15e438ee5e3d313f695df6671cf

                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\PalDtools8.log

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      2KB

                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                      9dd52685b36a75cf38a0a24157943adf

                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                      64d6fb810ebcc0e89234cbd68f03362de801ee75

                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                      a31c12fa03af7bd7f83ff7c417f71688120f3323839381ccff079fd6ffa91f81

                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                      16f8c8b488f2addacdf37c6f4271221f1beb2603228a7efb31d02996cab4e3d0d3997ee841be3d6886080ff6b2eae25e32f263353bc4b2b03ed10d64104f1fc7

                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\PalDtools8.log

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      3KB

                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                      c7229f4de8c0769de404338486be8171

                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                      c83610f430e3fbc0503af7582ef56155a34a731b

                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                      db18ec84e70d76a562ac089e84058c133bc0cbc78a1657fa6f973522066e3a9b

                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                      b3f57d3fb35164c9bec20a47b8a36f9a573390f2b3888de398d65c3e397f4f76ded9678bd7156eede08fa6b571c8e23e0074feb1ea835a73452b6c73e477d901

                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\PalDtools8.log

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      4KB

                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                      46112fd625c1423736268324133fb14a

                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                      934b914ac3839398e3f94262cf08f21f105fef5f

                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                      6aa335815004a7bc6e10bd930e9a304194aa13d542cf87d627d158a35a47777c

                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                      3399097d99a8a874e66c6f8b4b191ef2cff230cffa81700aec82b80ce0b959a5ff49b424039e8639084ebd022d4970d1be86a017c45eade277ff21ff348e870b

                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\PalDtoolsNet8.log

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      2KB

                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                      d1b4e9eb2b687a139f26fd08a4b40dd8

                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                      947e65922d6f53a4a594c663698357bfaa1c2494

                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                      4da8f2b3c19b323791e57fa58b2da88d5208d24bd4211efae19ec0472344831d

                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                      07dde545c8bfc96ae6c8ef4dc38e6e3bb3a168e077efc86975752f253642253b147a42625eca43147b2fc09ca95ed619d4e62f4bde6df71a115382489ade8610

                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\PalDtoolsNet8.log

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      4KB

                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                      55be70bcac9d07e8e9dba5dff47d8e06

                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                      c149678999668f4b8e01f47e1741e0f53d60b03b

                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                      b304f34c397514a8fa5cf56abf5c454c1e198920d4751fa97972cff6778bb6f7

                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                      5983e3518eec6bdfec11cb8ce0fe6a53795818d849d2683c28a960e2fb717a722264aa27134ac5734db69acbb10c56f20a42eb04f0a4c8bbc953465159ceb349

                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\PalFlexServer8.log

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      55KB

                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                      f0c0daf027ee09a9d9b582a2a690ab73

                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                      31631cfa74165d80ff09faa20c40ab5915bfd3b2

                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                      2fc577aaafa555d598d98cd489480874d9df8d4e952e440132d443b607a25733

                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                      0415474551e915df323b670088dd1590c6b3e6068fdea3e78dd7e03609e153808b440401bfe494303d408c6970efa0eaf3933f4f57133c2480e52e5d096fb65a

                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\PalFlexServer8.log

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      56KB

                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                      b24463ca681777644a3f8763adf44a11

                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                      c0e6237501109e884afd129f7f3dbd96c393480f

                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                      424a54ebf67f65ccedba4d29b7e084d1330a956dca3a7d746e1ab38604354503

                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                      e487fda17b255204d05dc8ab450e3a6dfc7ee62565f68e3e88a1cfa17bdab0cc819926b8ec748b3985c2f3ca8a12751ce2cf3bff277d89e341ab86c2da9df740

                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\Palisade.SoftwareUpdater.log

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      53B

                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                      6be5d0719f8d9f2ba45eded9b23eb070

                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                      a22ffe924216fd9a38100d7af62f05d9201f2d49

                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                      9a658b8910d5b8605ac82b65d5addc9ea47ff5a00e4afef2287733d06d2c9442

                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                      999a94c4af96af4983f717879589a833bc6a6b3f90716f18c8d23f4ce5379c59174d0dd165d9443fd1e55f108863ba4e9e7cd9e85ebd1ed12c03aa2c2bf09d11

                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\issAA9C.tmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      3.0MB

                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                      2c7c549edd5e1e473a62a12bfb1ad6f4

                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                      f6c40927f79a5780ffde1e970893d0435a6c2acb

                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                      5c38ea9e7ca8177346f0a7d7c99148e97f331c52b58a1df71db92b9e339deb62

                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                      9c1454806af469678462bfc72323bbad937876460a12340448cd684fd3504a2e5f332df451655a842024d148299f57482a0c0e4c88577cc2193f88b8f3eb0940

                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\{0E75F32D-463B-491D-80B1-2858647E6109}\_ISMSIDEL.INI

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      680B

                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                      66ed2505e35a9815b9f222af32bb0ae1

                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                      19324d9652daf22b58a7ba7a717e1f93aa940d37

                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                      42b1f0a07bb69d8a7ad7bd3dd51f73dcdbe714d6f4ea094fd113d22f56666b11

                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                      3daafda994115773d308824799472bded3550873827f52dbff0abb2734cf9473a9c6c110da8c010d690396798b897e7e1a52a302879337e43a9095982c69c5e9

                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\{0E75F32D-463B-491D-80B1-2858647E6109}\_ISMSIDEL.INI

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      20B

                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                      db9af7503f195df96593ac42d5519075

                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                      1b487531bad10f77750b8a50aca48593379e5f56

                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                      0a33c5dffabcf31a1f6802026e9e2eef4b285e57fd79d52fdcd98d6502d14b13

                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                      6839264e14576fe190260a4b82afc11c88e50593a20113483851bf4abfdb7cca9986bef83f4c6b8f98ef4d426f07024cf869e8ab393df6d2b743b9b8e2544e1b

                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\0x0409.ini

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      22KB

                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                      1196f20ca8bcaa637625e6a061d74c9e

                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                      d0946b58676c9c6e57645dbcffc92c61eca3b274

                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                      cdb316d7f9aa2d854eb28f7a333426a55cc65fa7d31b0bdf8ae108e611583d29

                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                      75e0b3b98ad8269dc8f7048537ad2b458fa8b1dc54cf39df015306abd6701aa8357e08c7d1416d80150ccfd591376ba803249197abdf726e75d50f79d7370ef3

                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\0x040a.ini

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      25KB

                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                      b216bc7b827622578e60b0b37ce9c4c0

                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                      18eb706aa172440c783382fb317dcb2ef7d04e2a

                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                      4e42d96cf24224d3ed43e7e14227b96fde3b43235636480f8861db0b048ffddf

                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                      e4211ee47bccf98369b7760502cc04e7c036e7ee8eb8a29143519c35cf5295f9984ee8de1fc8d7e93352119f9cf5fcb3412b7e3749b1540fd38af7d996ab0700

                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\_ISMSIDEL.INI

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      272B

                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                      b42097b870d56e024bab2fd10a414163

                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                      34126aa3a482097ff259a5e48b5fae8276f9a146

                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                      87f51c0696ec7a8e8f2969077d5ef611d91aa07d75960ea8553232c95767c8e7

                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                      95003bf9bb97a49d54f30c013dbadb6e157c69814a08a018190ea02561a6bd229c90f8bd467887786baeb1de8e1ac56b0ac5597a69bc0561632b914165138494

                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\_ISMSIDEL.INI

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      680B

                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                      1276c966e7db6dfe06ae30ef2bb93257

                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                      a54dc69596a021c45c8d7676f5688e52ca94e3a3

                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                      93020ce8cc74ca2d72f12166bed3b04e590dd36836dd5ac4cf2aea2ddf07bb5a

                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                      a8999adf09ff134106bdde49de6317a73f6dec62fe5df439d61cc1fbfc5e469813e605d633c02a28620bdb8c49d8ba8d05ade03aecfaab50523ca1989081072a

                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\ISRT.dll

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      1.1MB

                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                      ff43031211486580947f25f293b8125b

                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                      31030ea85fce86a7679f80771838d58df631c28c

                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                      423d365b5737f925019c17b478a515b488cc55ea990e6ebeb9a77cdc7e2279e0

                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                      42196211580f2e22fd53dc29f9ce6d560a8cef2e2dae27ce5f5e77457ad9806b66df09aea6c27dfd2fbb781a975fa1c144e215d776ba31b6b9babbcc56190b1f

                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\String1033.txt

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      200KB

                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                      a91ba613bbedd1a747aa30429eb5ef9c

                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                      d8ef050068ed45aff403373c1927a66d329ab1ff

                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                      e045e762a7f0fa0a4438f4c8380bf9306c427d0a026e7f0727d7121eb8de5bdb

                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                      9081828c796212b3005cd8e92d0f7a47107e6672f37c05f476cdada175f143a4f1c808a2c1ae8755851448ed64c2eebdff1de2e8453be359319d38229accf05b

                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isBBDF.exe

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      198KB

                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                      28857f9a5dc8af367e533076267f5b4d

                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                      ddf08d6ccff46eb14a9441dcd5db0d9c08b424aa

                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                      9523ee07e5591102b16b48a9d7059ddaef997adabac0430d1c2a660d5a45e4ee

                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                      8989f6d28d02f3ae5fc494c4d8a87f9d2fd252dd468418c8410b3dce012ab2913f791f20e020260df294fd2b43d754cf3a4751d1e803825d432202685e51ba1a

                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\_isres_0x0409.dll

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      1.8MB

                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                      8afdae8fe83d1a813b54e48230aed2db

                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                      ad456e1f5440dbd40d9e7febbde0bbb3dff3ae4c

                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                      d79fc7fdc396927dac03419eea2f9a326c920a094074eb070aca712cdf0629c6

                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                      fce61a6f14af69495992e6684d821db8332069651ec0c4a47c09e953362b19a5cebdace32e07993533ca0cda8ad6be9ca89ff6c13d4ff5a8b637897c4b5f5bf4

                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{0F8E2D92}\setup.inx

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      333KB

                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                      536ead0256dea9f0800c3bafec18f376

                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                      3943cb5a38f4bc1360ac6933d584b0e3a1a0f49f

                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                      e5df8a434654ab12c5e8b822f170ffb18ffc83d3e5a73ddd06d1cfb87c8e38a4

                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                      ccc0505dcf2194f7bd24e2295171a37a3b5c9430dca7a65c5b68d116f70aab5290e383147ec87d564916e9e5f79ecdeaf00b78ebb5b32788bafd2974986d8d30

                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\{6589D08D-F969-406F-AB42-C261A80B99FB}\{A00699DF}\IsConfig.ini

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      736B

                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                      b262d5260776f09078750efc068c50d8

                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                      6d3ebc4f6774db9d8c940dcce71221d172b0b3e1

                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                      eefd23ba59d08891d0f98ad7898972d5998a6f8fd3f9ff02c8414420a0df76f2

                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                      f4a72639738ee982b6f8032d47a948845f7b7e8c1604f891a8fd25005d3b1984946db008d2d3acf957250f79ed12a90393ac87efdaf1747ffb8b059795037f5a

                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\~92AE.tmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      6KB

                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                      583bfcc4f65dad72aeb529fbf691451d

                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                      2bf1ee1ef6e4d74fe9d04fff8f7ff7fb9e08da45

                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                      12589f3551d3b585d8d3268f0263bad747e8e1ca223412733406f0486d5debef

                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                      ff4f1f8a6dd5e3e7365dc6739573634a0581ab3ba407ab1a2ad3524e90abeca10aea5ccb77ac9be54b6a9f23f973b35a009348f2cfafc23193f8d8fc3ad187e8

                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\Microsoft\Excel\FB506E00

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      10KB

                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                      eb47c190f4fd1b9277f72e3f34bbd5c2

                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                      7a69b4b29e38703d83c8c347b9589dfd13d719a2

                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                      f2bfee06550fc5efcb65200cc2fcb765aacf2de268671ac2407f870499f05b87

                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                      3bd2382afa6376ac7f7f9a66ec4c18abbceb4a1ae78b3a59827280f1ceac58b1832046e600b6a0f94dcff82764e9411b5facd0a28db7e219b55accbad6b6e619

                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      668B

                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                      62ba25b0d80649bc932caf1066ec5458

                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                      4b8123b9cafc1edf39880de49c4bfe1d63cfdbc4

                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                      7cc515d2390a1ee473b51cf39907ab6c175ee9148b4585e5e76699795cddd058

                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                      61c0348fe92f31e7d5179bdf8e0cbe09e0d165f373a6142b3f26c69618102117f63c1cb40f8280ab9ef978e0118656146defbb8996d96d7a06bd0f407104300d

                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      668B

                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                      c3aad3ce0dac7b12917818c310d0b511

                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                      09abb3b708fe64b2128004e3c085c9cdfc73969c

                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                      ba2aae04ef4ce1c81c67a94fc0f7ff2b0a2d6f3e14dafcc5f7284da911692fd3

                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                      150df21d0f63cb253f1d28343a77ca93e2a593f2d4f1f7481945ad9da102a39daee069f33fdc7e5b070d2d46d8193f85745585af6bd2cbddb95f9d17ca67c4b4

                                                                                                                                                                                                                                                                                    • C:\Windows\Installer\MSICCDC.tmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      622KB

                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                      cdbee49d4b9a86aae00a6d92d6d3823a

                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                      c8d01f5caff9f12f1c332ed533d7d4f6148e8514

                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                      3a6c03a81e2f535274f0ac876d06de1d30004a9a2cac800fbeaa05780efd59bd

                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                      2c731f7c8a74e7f292afb3cbb180872d9435c46e310cf5773ac223790088105595a481fafe86847a8fc8f88be26108bf907958c244adae21145230024a4f4123

                                                                                                                                                                                                                                                                                    • C:\Windows\Installer\{EBFF011D-73DC-4534-8D3B-A91F62BE1895}\NewShortcut12_7F26251EC52145C18BF10FFAB708FF59.exe

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      319KB

                                                                                                                                                                                                                                                                                      MD5

                                                                                                                                                                                                                                                                                      3883b1a99c872340336f0314fbc5e39d

                                                                                                                                                                                                                                                                                      SHA1

                                                                                                                                                                                                                                                                                      998fd150a35d5307ed0ac29e0e6a2eb22fbdac86

                                                                                                                                                                                                                                                                                      SHA256

                                                                                                                                                                                                                                                                                      99a8f425a6277282ed4e990893ae0931cbac14e6098bcbf1f21942d0b87c04af

                                                                                                                                                                                                                                                                                      SHA512

                                                                                                                                                                                                                                                                                      ac8d524a796d44fd1f5b0b2d68c81de8d64e2a134d6feababea3b3b401f764fe560b18d83d410c706b71e09902725312f7e0ebc93c7d05eedbada867ac932b4b

                                                                                                                                                                                                                                                                                    • memory/8-1320-0x000001EC03320000-0x000001EC033BA000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      616KB

                                                                                                                                                                                                                                                                                    • memory/372-1323-0x0000000005820000-0x0000000005856000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      216KB

                                                                                                                                                                                                                                                                                    • memory/464-1301-0x0000000005770000-0x0000000005784000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      80KB

                                                                                                                                                                                                                                                                                    • memory/624-2804-0x0000000000650000-0x0000000000670000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      128KB

                                                                                                                                                                                                                                                                                    • memory/972-1322-0x000002EEC5310000-0x000002EEC534E000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      248KB

                                                                                                                                                                                                                                                                                    • memory/1004-1343-0x0000000005480000-0x000000000548A000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      40KB

                                                                                                                                                                                                                                                                                    • memory/1036-1334-0x00000177D97F0000-0x00000177D97FA000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      40KB

                                                                                                                                                                                                                                                                                    • memory/1316-1328-0x000001E8C6F60000-0x000001E8C6F82000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      136KB

                                                                                                                                                                                                                                                                                    • memory/1316-1327-0x000001E8C6EE0000-0x000001E8C6EEC000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      48KB

                                                                                                                                                                                                                                                                                    • memory/1416-1355-0x0000000005900000-0x0000000005930000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      192KB

                                                                                                                                                                                                                                                                                    • memory/1452-194-0x0000000003F10000-0x00000000040D7000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      1.8MB

                                                                                                                                                                                                                                                                                    • memory/1504-1309-0x00000000050C0000-0x00000000050D0000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      64KB

                                                                                                                                                                                                                                                                                    • memory/1504-1305-0x0000000005130000-0x0000000005270000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      1.2MB

                                                                                                                                                                                                                                                                                    • memory/1504-1307-0x0000000005020000-0x000000000502A000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      40KB

                                                                                                                                                                                                                                                                                    • memory/1504-1308-0x0000000005750000-0x000000000587A000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      1.2MB

                                                                                                                                                                                                                                                                                    • memory/1504-1306-0x0000000005040000-0x0000000005068000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                    • memory/1504-1311-0x00000000053D0000-0x00000000053EE000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      120KB

                                                                                                                                                                                                                                                                                    • memory/1504-1310-0x00000000053A0000-0x00000000053C6000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      152KB

                                                                                                                                                                                                                                                                                    • memory/1640-1330-0x000001F1116F0000-0x000001F1116FC000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      48KB

                                                                                                                                                                                                                                                                                    • memory/1652-1326-0x0000000004D00000-0x0000000004D22000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      136KB

                                                                                                                                                                                                                                                                                    • memory/1652-1325-0x0000000004BE0000-0x0000000004BEC000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      48KB

                                                                                                                                                                                                                                                                                    • memory/1856-417-0x00000000039E0000-0x0000000003BA7000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      1.8MB

                                                                                                                                                                                                                                                                                    • memory/1856-407-0x00000000039D0000-0x0000000003B97000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      1.8MB

                                                                                                                                                                                                                                                                                    • memory/1872-1351-0x00000000056B0000-0x0000000005700000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      320KB

                                                                                                                                                                                                                                                                                    • memory/2212-1303-0x0000000004A00000-0x0000000004A18000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      96KB

                                                                                                                                                                                                                                                                                    • memory/2316-3361-0x0000029FB44B0000-0x0000029FB4F71000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      10.8MB

                                                                                                                                                                                                                                                                                    • memory/2316-3386-0x0000029FB44B0000-0x0000029FB4F71000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      10.8MB

                                                                                                                                                                                                                                                                                    • memory/2316-3271-0x0000029FB44B0000-0x0000029FB4F71000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      10.8MB

                                                                                                                                                                                                                                                                                    • memory/2316-2847-0x0000029FCD3A0000-0x0000029FCD434000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      592KB

                                                                                                                                                                                                                                                                                    • memory/2316-2823-0x00007FF9A9FF0000-0x00007FF9AA000000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      64KB

                                                                                                                                                                                                                                                                                    • memory/2316-2822-0x00007FF9A9FF0000-0x00007FF9AA000000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      64KB

                                                                                                                                                                                                                                                                                    • memory/2316-3298-0x0000029FB44B0000-0x0000029FB4F71000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      10.8MB

                                                                                                                                                                                                                                                                                    • memory/2316-2820-0x00007FF9A9FF0000-0x00007FF9AA000000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      64KB

                                                                                                                                                                                                                                                                                    • memory/2316-2821-0x00007FF9A9FF0000-0x00007FF9AA000000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      64KB

                                                                                                                                                                                                                                                                                    • memory/2316-3583-0x0000029FB44B0000-0x0000029FB4F71000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      10.8MB

                                                                                                                                                                                                                                                                                    • memory/2316-2819-0x00007FF9A9FF0000-0x00007FF9AA000000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      64KB

                                                                                                                                                                                                                                                                                    • memory/2316-2915-0x0000029FAA260000-0x0000029FAA26E000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      56KB

                                                                                                                                                                                                                                                                                    • memory/2316-3330-0x0000029FB44B0000-0x0000029FB4F71000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      10.8MB

                                                                                                                                                                                                                                                                                    • memory/2316-3331-0x0000029FB44B0000-0x0000029FB4F71000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      10.8MB

                                                                                                                                                                                                                                                                                    • memory/2316-3341-0x0000029FB44B0000-0x0000029FB4F71000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      10.8MB

                                                                                                                                                                                                                                                                                    • memory/2316-3344-0x0000029FB44B0000-0x0000029FB4F71000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      10.8MB

                                                                                                                                                                                                                                                                                    • memory/2316-3354-0x0000029FB44B0000-0x0000029FB4F71000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      10.8MB

                                                                                                                                                                                                                                                                                    • memory/2316-3164-0x0000029FD4230000-0x0000029FD4250000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      128KB

                                                                                                                                                                                                                                                                                    • memory/2316-3362-0x0000029FB44B0000-0x0000029FB4F71000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      10.8MB

                                                                                                                                                                                                                                                                                    • memory/2316-3208-0x000002A7D5DC0000-0x000002A7D5DEE000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      184KB

                                                                                                                                                                                                                                                                                    • memory/2316-3387-0x0000029FB44B0000-0x0000029FB4F71000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      10.8MB

                                                                                                                                                                                                                                                                                    • memory/2316-3388-0x0000029FB44B0000-0x0000029FB4F71000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      10.8MB

                                                                                                                                                                                                                                                                                    • memory/2316-3389-0x0000029FB44B0000-0x0000029FB4F71000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      10.8MB

                                                                                                                                                                                                                                                                                    • memory/2316-3227-0x000002A7D5E30000-0x000002A7D5E68000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      224KB

                                                                                                                                                                                                                                                                                    • memory/2316-3482-0x0000029FB44B0000-0x0000029FB4F71000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      10.8MB

                                                                                                                                                                                                                                                                                    • memory/2372-1324-0x00000217C95B0000-0x00000217C95E6000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      216KB

                                                                                                                                                                                                                                                                                    • memory/2460-1333-0x0000000004EA0000-0x0000000004EAA000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      40KB

                                                                                                                                                                                                                                                                                    • memory/2792-1778-0x0000000005F60000-0x0000000006074000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      1.1MB

                                                                                                                                                                                                                                                                                    • memory/2792-1775-0x0000000000450000-0x0000000000470000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      128KB

                                                                                                                                                                                                                                                                                    • memory/2792-1776-0x0000000005980000-0x00000000059F6000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      472KB

                                                                                                                                                                                                                                                                                    • memory/2792-1777-0x0000000005390000-0x00000000053A6000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      88KB

                                                                                                                                                                                                                                                                                    • memory/2792-1816-0x0000000009940000-0x000000000996E000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      184KB

                                                                                                                                                                                                                                                                                    • memory/2792-1779-0x0000000008BC0000-0x0000000009236000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      6.5MB

                                                                                                                                                                                                                                                                                    • memory/2792-1780-0x00000000063D0000-0x000000000647E000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      696KB

                                                                                                                                                                                                                                                                                    • memory/2792-1787-0x0000000009EF0000-0x000000000A282000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      3.6MB

                                                                                                                                                                                                                                                                                    • memory/2792-1788-0x0000000009D00000-0x0000000009E96000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                    • memory/2792-1789-0x0000000009BD0000-0x0000000009BDA000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      40KB

                                                                                                                                                                                                                                                                                    • memory/2792-1790-0x000000000AE90000-0x000000000AEB0000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      128KB

                                                                                                                                                                                                                                                                                    • memory/2792-1821-0x0000000009990000-0x00000000099AE000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      120KB

                                                                                                                                                                                                                                                                                    • memory/2792-1817-0x000000000BDA0000-0x000000000BDD8000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      224KB

                                                                                                                                                                                                                                                                                    • memory/2916-2793-0x00007FF9A9FF0000-0x00007FF9AA000000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      64KB

                                                                                                                                                                                                                                                                                    • memory/2916-1953-0x0000020625E50000-0x0000020625E66000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      88KB

                                                                                                                                                                                                                                                                                    • memory/2916-1803-0x00007FF9A9FF0000-0x00007FF9AA000000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      64KB

                                                                                                                                                                                                                                                                                    • memory/2916-1804-0x00007FF9A7890000-0x00007FF9A78A0000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      64KB

                                                                                                                                                                                                                                                                                    • memory/2916-1805-0x00007FF9A7890000-0x00007FF9A78A0000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      64KB

                                                                                                                                                                                                                                                                                    • memory/2916-1801-0x00007FF9A9FF0000-0x00007FF9AA000000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      64KB

                                                                                                                                                                                                                                                                                    • memory/2916-1800-0x00007FF9A9FF0000-0x00007FF9AA000000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      64KB

                                                                                                                                                                                                                                                                                    • memory/2916-1799-0x00007FF9A9FF0000-0x00007FF9AA000000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      64KB

                                                                                                                                                                                                                                                                                    • memory/2916-1802-0x00007FF9A9FF0000-0x00007FF9AA000000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      64KB

                                                                                                                                                                                                                                                                                    • memory/2916-2800-0x0000020632A90000-0x0000020633551000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      10.8MB

                                                                                                                                                                                                                                                                                    • memory/2916-2797-0x00007FF9A9FF0000-0x00007FF9AA000000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      64KB

                                                                                                                                                                                                                                                                                    • memory/2916-2509-0x0000020632A90000-0x0000020633551000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      10.8MB

                                                                                                                                                                                                                                                                                    • memory/2916-1954-0x0000020625F90000-0x00000206260A4000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      1.1MB

                                                                                                                                                                                                                                                                                    • memory/2916-1955-0x0000020650ED0000-0x0000020651546000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      6.5MB

                                                                                                                                                                                                                                                                                    • memory/2916-1957-0x000002064E010000-0x000002064E0BE000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      696KB

                                                                                                                                                                                                                                                                                    • memory/2916-1958-0x00000206518F0000-0x0000020651C82000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      3.6MB

                                                                                                                                                                                                                                                                                    • memory/2916-1959-0x0000020651550000-0x00000206516E6000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      1.6MB

                                                                                                                                                                                                                                                                                    • memory/2916-2794-0x00007FF9A9FF0000-0x00007FF9AA000000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      64KB

                                                                                                                                                                                                                                                                                    • memory/2916-2320-0x0000020632A90000-0x0000020633551000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      10.8MB

                                                                                                                                                                                                                                                                                    • memory/2916-2792-0x00007FF9A9FF0000-0x00007FF9AA000000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      64KB

                                                                                                                                                                                                                                                                                    • memory/2916-1319-0x0000000004FA0000-0x000000000503A000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      616KB

                                                                                                                                                                                                                                                                                    • memory/2916-2557-0x0000020632A90000-0x0000020633551000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      10.8MB

                                                                                                                                                                                                                                                                                    • memory/2924-1297-0x0000027073C40000-0x0000027073CA0000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      384KB

                                                                                                                                                                                                                                                                                    • memory/2924-1298-0x0000027074BC0000-0x0000027074E1E000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      2.4MB

                                                                                                                                                                                                                                                                                    • memory/2924-1299-0x0000027075090000-0x00000270752F8000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      2.4MB

                                                                                                                                                                                                                                                                                    • memory/2924-1295-0x0000027071BE0000-0x0000027071BFA000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      104KB

                                                                                                                                                                                                                                                                                    • memory/2924-1296-0x0000027073390000-0x00000270733D4000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      272KB

                                                                                                                                                                                                                                                                                    • memory/2924-1294-0x0000027071630000-0x0000027071640000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      64KB

                                                                                                                                                                                                                                                                                    • memory/2936-1329-0x0000000005570000-0x000000000557C000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      48KB

                                                                                                                                                                                                                                                                                    • memory/3080-2524-0x0000000000D90000-0x0000000000DA8000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      96KB

                                                                                                                                                                                                                                                                                    • memory/3080-2535-0x0000000005970000-0x00000000059C6000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      344KB

                                                                                                                                                                                                                                                                                    • memory/3188-1304-0x0000022745F10000-0x0000022745F28000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      96KB

                                                                                                                                                                                                                                                                                    • memory/3244-1344-0x00000229F04A0000-0x00000229F04AA000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      40KB

                                                                                                                                                                                                                                                                                    • memory/3320-1339-0x0000014E5A060000-0x0000014E5A580000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      5.1MB

                                                                                                                                                                                                                                                                                    • memory/3320-1340-0x0000014E5C650000-0x0000014E5CDD2000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      7.5MB

                                                                                                                                                                                                                                                                                    • memory/3320-1338-0x0000014E5AD00000-0x0000014E5BEBE000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      17.7MB

                                                                                                                                                                                                                                                                                    • memory/3352-1357-0x000002324A960000-0x000002324A990000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      192KB

                                                                                                                                                                                                                                                                                    • memory/3616-1360-0x0000014DFE860000-0x0000014DFE86C000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      48KB

                                                                                                                                                                                                                                                                                    • memory/3684-1289-0x0000000005150000-0x0000000005194000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      272KB

                                                                                                                                                                                                                                                                                    • memory/3684-1286-0x00000000055B0000-0x0000000005B54000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      5.6MB

                                                                                                                                                                                                                                                                                    • memory/3684-1292-0x0000000005DC0000-0x0000000006028000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      2.4MB

                                                                                                                                                                                                                                                                                    • memory/3684-1291-0x0000000005B60000-0x0000000005DBE000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      2.4MB

                                                                                                                                                                                                                                                                                    • memory/3684-1290-0x00000000051A0000-0x0000000005200000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      384KB

                                                                                                                                                                                                                                                                                    • memory/3684-1287-0x00000000050B0000-0x0000000005142000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      584KB

                                                                                                                                                                                                                                                                                    • memory/3684-1285-0x0000000004F90000-0x0000000004FAA000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      104KB

                                                                                                                                                                                                                                                                                    • memory/3684-1284-0x0000000000640000-0x0000000000652000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      72KB

                                                                                                                                                                                                                                                                                    • memory/3760-1331-0x0000000004C00000-0x0000000004C3C000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      240KB

                                                                                                                                                                                                                                                                                    • memory/3792-601-0x0000022BC44C0000-0x0000022BC455E000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      632KB

                                                                                                                                                                                                                                                                                    • memory/3792-595-0x0000022BC49C0000-0x0000022BC4F66000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      5.6MB

                                                                                                                                                                                                                                                                                    • memory/3792-598-0x0000022BC4410000-0x0000022BC44C0000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      704KB

                                                                                                                                                                                                                                                                                    • memory/3852-1342-0x000001FC80E40000-0x000001FC80E4A000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      40KB

                                                                                                                                                                                                                                                                                    • memory/4072-1335-0x00000000077C0000-0x000000000897E000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      17.7MB

                                                                                                                                                                                                                                                                                    • memory/4072-1336-0x0000000006B20000-0x0000000007040000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      5.1MB

                                                                                                                                                                                                                                                                                    • memory/4072-1337-0x0000000009110000-0x0000000009892000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      7.5MB

                                                                                                                                                                                                                                                                                    • memory/4248-1302-0x00000183D5AD0000-0x00000183D5AE4000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      80KB

                                                                                                                                                                                                                                                                                    • memory/4296-1345-0x0000000005040000-0x00000000050DC000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      624KB

                                                                                                                                                                                                                                                                                    • memory/4372-1341-0x0000000004D60000-0x0000000004D6A000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      40KB

                                                                                                                                                                                                                                                                                    • memory/4380-2461-0x0000000004E80000-0x00000000050A3000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      2.1MB

                                                                                                                                                                                                                                                                                    • memory/4428-1423-0x0000000004370000-0x0000000004537000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      1.8MB

                                                                                                                                                                                                                                                                                    • memory/4428-1382-0x0000000004040000-0x000000000407B000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      236KB

                                                                                                                                                                                                                                                                                    • memory/4428-1385-0x0000000004040000-0x0000000004236000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      2.0MB

                                                                                                                                                                                                                                                                                    • memory/4428-1386-0x0000000003F10000-0x0000000003F33000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      140KB

                                                                                                                                                                                                                                                                                    • memory/4428-1387-0x0000000004040000-0x0000000004263000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      2.1MB

                                                                                                                                                                                                                                                                                    • memory/4428-1388-0x0000000004040000-0x0000000004094000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      336KB

                                                                                                                                                                                                                                                                                    • memory/4428-475-0x0000000003F90000-0x0000000004157000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      1.8MB

                                                                                                                                                                                                                                                                                    • memory/4452-1321-0x0000000005520000-0x000000000555E000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      248KB

                                                                                                                                                                                                                                                                                    • memory/4556-3071-0x0000000000700000-0x0000000000710000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      64KB

                                                                                                                                                                                                                                                                                    • memory/4568-1353-0x00000147F7C20000-0x00000147F7C70000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      320KB

                                                                                                                                                                                                                                                                                    • memory/4672-1314-0x0000026B59A30000-0x0000026B59A3A000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      40KB

                                                                                                                                                                                                                                                                                    • memory/4672-1313-0x0000026B59A60000-0x0000026B59A88000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      160KB

                                                                                                                                                                                                                                                                                    • memory/4672-1318-0x0000026B59AC0000-0x0000026B59ADE000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      120KB

                                                                                                                                                                                                                                                                                    • memory/4672-1317-0x0000026B59AF0000-0x0000026B59B16000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      152KB

                                                                                                                                                                                                                                                                                    • memory/4672-1316-0x0000026B59A40000-0x0000026B59A50000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      64KB

                                                                                                                                                                                                                                                                                    • memory/4672-1315-0x0000026B72710000-0x0000026B7283A000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      1.2MB

                                                                                                                                                                                                                                                                                    • memory/4672-1312-0x0000026B724A0000-0x0000026B725E0000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      1.2MB

                                                                                                                                                                                                                                                                                    • memory/4868-1359-0x0000000004A00000-0x0000000004A0C000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      48KB

                                                                                                                                                                                                                                                                                    • memory/4952-1332-0x0000019724370000-0x00000197243AC000-memory.dmp

                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                      240KB