5432a7db786a1c1819bd14366bdd3d7691888b8d3ee5363c4cf88ab6d8f1c71b

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
10/10/2024, 04:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
Size

19.8MB
MD5

b095aa48891654453ef741daf4e26961
SHA1

3dd198bc166ace35827769de93a26c81c9d13ac7
SHA256

5432a7db786a1c1819bd14366bdd3d7691888b8d3ee5363c4cf88ab6d8f1c71b
SHA512

62f0208123a7897a42d26ed42201a5c4a8b144d17c3f4c330a2e4fcd8dcc663e0c770813fb4d9d15c9596773a6373be388d12d65f3825dd881ae5791709d64ba
SSDEEP

393216:hpRg/CHmIAeoMYRtMYukLCJY0M+64BbU65lDJdfJjHdxtx7NXHPU1apZLdpxl:h4/dIAIYDMjkOJYY645XDVj9bRhHM1YP

Score

4^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Unraid USB Creator\Qt5QmlWorkerScript.dll	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\QtQuick\Controls.2\Material\SwipeView.qml	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\QtQuick\Controls.2\Imagine\SwitchDelegate.qml	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\QtQuick\Controls.2\DelayButton.qml	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\QtQuick\Controls.2\RoundButton.qml	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\imageformats\qwbmp.dll	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\QtGraphicalEffects\RadialBlur.qml	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\QtGraphicalEffects\ZoomBlur.qml	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\Qt5QuickTemplates2.dll	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\QtQuick\Templates.2\qtquicktemplates2plugin.dll	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\QtQuick\Controls.2\Universal\TabBar.qml	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\QtQuick\Controls.2\Material\SwitchDelegate.qml	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\QtQuick\Controls.2\Fusion\CheckDelegate.qml	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\QtQuick\Controls.2\Fusion\PageIndicator.qml	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\imageformats\qjpeg.dll	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\QtQuick\Controls.2\StackView.qml	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\QtQuick\Controls.2\Material\ElevationEffect.qml	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\QtQuick\Controls.2\Material\Menu.qml	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\QtQuick\Controls.2\Material\TextArea.qml	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\QtQuick\Controls.2\Fusion\Menu.qml	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\QtQuick\Controls.2\Imagine\Frame.qml	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\QtQuick\Controls.2\Fusion\SwitchIndicator.qml	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\QtGraphicalEffects\Glow.qml	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\QtQuick\Controls.2\Universal\MenuBarItem.qml	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\QtQuick\Controls.2\Material\ScrollIndicator.qml	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\QtQuick\Controls.2\Material\SliderHandle.qml	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\QtQuick\Controls.2\Material\Switch.qml	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\QtQuick\Controls.2\Imagine\CheckBox.qml	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\QtQuick\Controls.2\Fusion\TabButton.qml	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\QtGraphicalEffects\private\GaussianDirectionalBlur.qml	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\QtQuick\Window.2\windowplugin.dll	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\QtQuick\Controls.2\Container.qml	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\QtQuick\Controls.2\SplitView.qml	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\QtQuick\Controls.2\Imagine\Switch.qml	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\QtQuick\Controls.2\Fusion\Switch.qml	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\Qt5WinExtras.dll	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\QtQuick\Controls.2\Material\SplitView.qml	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\QtGraphicalEffects\qtgraphicaleffectsplugin.dll	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\QtGraphicalEffects\private\GaussianGlow.qmlc	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\Qt5Widgets.dll	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\QtQuick.2\qtquick2plugin.dll	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\QtQuick\Controls.2\Universal\ComboBox.qml	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\QtQuick\Controls.2\Fusion\RangeSlider.qml	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\QtGraphicalEffects\DropShadow.qml	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\QtGraphicalEffects\private\GaussianMaskedBlur.qmlc	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\imageformats\qtga.dll	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\QtQuick\Controls.2\ToolBar.qml	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\QtQuick\Controls.2\Universal\qtquickcontrols2universalstyleplugin.dll	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\QtQuick\Controls.2\Material\Dial.qml	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\QtQuick\Controls.2\Fusion\Button.qml	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\QtQuick\Controls.2\Fusion\CheckBox.qml	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\QtQuick\Controls.2\Material\SwipeDelegate.qml	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\QtQuick\Controls.2\Fusion\DelayButton.qml	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\QtQuick\Controls.2\Fusion\ScrollIndicator.qml	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\Qt5Network.dll	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\Qt5QuickControls2.dll	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\QtQuick\Layouts\qquicklayoutsplugin.dll	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\QtQuick\Controls.2\Universal\PageIndicator.qml	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\QtQuick\Controls.2\Material\DelayButton.qml	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\QtQuick\Controls.2\Fusion\SpinBox.qml	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\QtQuick\Controls.2\Dial.qml	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\QtQuick\Controls.2\Material\plugins.qmltypes	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\QtQuick\Controls.2\Fusion\DialogButtonBox.qml	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
File created	C:\Program Files (x86)\Unraid USB Creator\QtGraphicalEffects\ColorOverlay.qml	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe

Executes dropped EXE 1 IoCs

pid	Process
2316	unraid-usb-creator.exe

Loads dropped DLL 42 IoCs

pid	Process
1812	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
1812	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
1812	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
2316	unraid-usb-creator.exe
2316	unraid-usb-creator.exe
2316	unraid-usb-creator.exe
2316	unraid-usb-creator.exe
2316	unraid-usb-creator.exe
2316	unraid-usb-creator.exe
2316	unraid-usb-creator.exe
2316	unraid-usb-creator.exe
2316	unraid-usb-creator.exe
2316	unraid-usb-creator.exe
2316	unraid-usb-creator.exe
2316	unraid-usb-creator.exe
2316	unraid-usb-creator.exe
2316	unraid-usb-creator.exe
2316	unraid-usb-creator.exe
2316	unraid-usb-creator.exe
2316	unraid-usb-creator.exe
2316	unraid-usb-creator.exe
2316	unraid-usb-creator.exe
2316	unraid-usb-creator.exe
2316	unraid-usb-creator.exe
2316	unraid-usb-creator.exe
2316	unraid-usb-creator.exe
2316	unraid-usb-creator.exe
2316	unraid-usb-creator.exe
2316	unraid-usb-creator.exe
2316	unraid-usb-creator.exe
2316	unraid-usb-creator.exe
2316	unraid-usb-creator.exe
2316	unraid-usb-creator.exe
2316	unraid-usb-creator.exe
2316	unraid-usb-creator.exe
2316	unraid-usb-creator.exe
2316	unraid-usb-creator.exe
2316	unraid-usb-creator.exe
2316	unraid-usb-creator.exe
2316	unraid-usb-creator.exe
2316	unraid-usb-creator.exe
2316	unraid-usb-creator.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	unraid-usb-creator.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Software\Microsoft\Internet Explorer\GPU	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	SearchApp.exe

Modifies registry class 40 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\.img	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\.zstd\OpenWithProgIds\UNRAID_USB_CREATOR	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\UNRAID_USB_CREATOR	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\UNRAID_USB_CREATOR\shell\open\FriendlyAppName = "Unraid USB Creator"	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\UNRAID_USB_CREATOR\shell\open\command\ = "\"C:\\Program Files (x86)\\Unraid USB Creator\\unraid-usb-creator.exe\" \"%1\""	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\.zip	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\.gz	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\.gz\OpenWithProgIds\UNRAID_USB_CREATOR	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\.img\OpenWithProgIds	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "56"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\.zip\OpenWithProgIds	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\UNRAID_USB_CREATOR\shell\open	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\UNRAID_USB_CREATOR\shell\open\command	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\MuiCache	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "56"	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\.img\OpenWithProgIds\UNRAID_USB_CREATOR	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "23"	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\.zip\OpenWithProgIds\UNRAID_USB_CREATOR	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\.xz\OpenWithProgIds	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\.xz	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\.xz\OpenWithProgIds\UNRAID_USB_CREATOR	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\.zstd\OpenWithProgIds	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\.zstd	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "185"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\.gz\OpenWithProgIds	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "152"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\UNRAID_USB_CREATOR\shell	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2316	unraid-usb-creator.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2316	unraid-usb-creator.exe
2316	unraid-usb-creator.exe
2316	unraid-usb-creator.exe
2316	unraid-usb-creator.exe
2316	unraid-usb-creator.exe
4560	SearchApp.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1812 wrote to memory of 2316	1812	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe	87
PID 1812 wrote to memory of 2316	1812	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe	87
PID 1812 wrote to memory of 2316	1812	SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe	87

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.TR.AD.NsisInject.yzerl.9891.982.exe"
1⤵
- Drops file in Program Files directory
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1812
- C:\Program Files (x86)\Unraid USB Creator\unraid-usb-creator.exe
  "C:\Program Files (x86)\Unraid USB Creator\unraid-usb-creator.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
  PID:2316

C:\Windows\system32\werfault.exe
werfault.exe /hc /shared Global\8fbb6545f0604baba8823c7da79887e3 /t 3328 /p 4064
1⤵
PID:3988

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Unraid USB Creator\Qt5Core.dll

Filesize
8.2MB

MD5
39d509b1675c380dc549972506a8f717

SHA1
7fdbb1897ccd3ffcdee39ac3838e19f7b9d3f6c7

SHA256
bb88391d53cf771c58887cb54101b5dc638abeb84bce4beddd82be5fb4bae671

SHA512
bb4cfd92dd772b4d7a5bc84a6348be1e7d96864b086bfc331713ebefb47e30c7d1b304cde7d3a25b388ccd7e59816b0e3fe96f85676c722664be470723960ca9

Download Submit
C:\Program Files (x86)\Unraid USB Creator\Qt5Gui.dll

Filesize
9.2MB

MD5
f676936b5dfce1c5ac2f8a1a7f577844

SHA1
c9870365d594bf1d6a4215acd4e730695166f809

SHA256
77f8946ac559cd03694d9a36ab4630cc7d5f0db62b34c00ecec12bc021eafbe9

SHA512
ce4ca22c4afb55a035c68711708ac86b5abf08ddca0bb0b059c3ad130aa1c9266a36e412b4feaeb4cd89edda6aa8ad95225e0a777fb33bcbae828b41c316301a

Download Submit
C:\Program Files (x86)\Unraid USB Creator\Qt5Network.dll

Filesize
2.7MB

MD5
ced4531f553504ed6770d999f9c82cb9

SHA1
3405a3118bb6479413b9a749ce4c0b395622883c

SHA256
77f1bd3192d9e8b15dd23adb15a3f83e92e9474df9a30450247fbe9e96b71736

SHA512
df98b27470b30377928bcea23e18b0c3d8e7929d0d7ee6862887440f6ef577e5172fcb02b82a20b4903ce9eb7e1d00cfb8e1785476cbaaee3da92354f701dcbc

Download Submit
C:\Program Files (x86)\Unraid USB Creator\Qt5Qml.dll

Filesize
7.0MB

MD5
65781efc205f808159563cb526332e28

SHA1
771cfa537a523cad8987179a0211c653cda30c68

SHA256
7244b065771674bf963d998acefad1ee0c93ababfaf667724c4ea3c6bf4f0bce

SHA512
fadd974e9353575ec3e5f631643e246bfbbb0da30c90225fb18c587517603b4f279b0d5f1cab86e47844edb46f6832fda2a338e9717b1534faec7e76bd4d2304

Download Submit
C:\Program Files (x86)\Unraid USB Creator\Qt5QmlModels.dll

Filesize
947KB

MD5
a097b71d3afbc8e27dc4f577ed6ce0f1

SHA1
7ef05f005ee2dc7f0676d4b9fe22ee5dab86bb85

SHA256
4d4d9965174560fb8d9be778c2344deca655717a772bb549f57244cc92b58617

SHA512
70a96835180790e6f0c8ea99e2d16ef2484bea187a958a433340aedcec7a277b7b8ccfa82653be9bc7de5b0a4eb1962342a049749bc3357e15629bac3cd55649

Download Submit
C:\Program Files (x86)\Unraid USB Creator\Qt5QmlWorkerScript.dll

Filesize
141KB

MD5
4ecac5dda76d1060de28f45ae3746723

SHA1
f147bc6d65142fd8fb055ad8882c4099856bdc50

SHA256
c0896506288e3da386d0674fec374272a6785cb982b3b6fdcd2214fc6c431f69

SHA512
d6623ee3f50714db5acc6b40f46eec0677ea80136f078d8fd65a56b95ea4a24a13a0c54e9b01d856db152287bafde7474307a00cbde477cbcc7c7c50e57e478d

Download Submit
C:\Program Files (x86)\Unraid USB Creator\Qt5Quick.dll

Filesize
8.3MB

MD5
c300fa804a97c846a13f098a22934502

SHA1
3c3909fbdb64fd3a62134c3c634c7f2ded16ef36

SHA256
b7af3bc93e2905e336886805553dec7313e4567886f7f2ac5981778cdd67173b

SHA512
e45f011c10831c0f9542f1374d12e199403aab9e3291cb086a08bf119be2241faebe461af30f2235ff3b7af5267e1b4479d692bde46656a7145b61544f013dc1

Download Submit
C:\Program Files (x86)\Unraid USB Creator\Qt5Svg.dll

Filesize
582KB

MD5
825b515b5694b55982c4f7d004a94ad4

SHA1
7430898bb90f9e98bc85e0b172889c9bd63b5dc6

SHA256
d7f56abfc93e7d4d5c79b568222f09ffeecdd08f4c18c2c17dfab00114dd40a0

SHA512
1ae16ef69878efa975693f77498355a16622d4dbc619a674b5178d367c5cf82c64504cc8762033f2da4512c537afa20542dbdfd61a0fad91d44be87263d37993

Download Submit
C:\Program Files (x86)\Unraid USB Creator\Qt5Widgets.dll

Filesize
8.8MB

MD5
b037b86cd074ea2a216bbd4b7b489c9c

SHA1
bc6b32e01e03887b06e297009efcf965083aa435

SHA256
2f0c2a362f2ef318ce80e03e914981ad42a1751c74b534725a6bf3cf50ce03a3

SHA512
39472c8ba41dbe53e180568ca61472fd3b912ea55227bbc75e9e2889f9d18551b971079824e9102afe0f132782b20c42f2b7c06b576eba2509c36e5f77b6572b

Download Submit
C:\Program Files (x86)\Unraid USB Creator\Qt5WinExtras.dll

Filesize
432KB

MD5
ffd0b3e6a95ac68a7a534f932677b6e9

SHA1
e2b365833ba1125d2e41082e2f50564b437fc684

SHA256
a6b8f3b595bdd486143e80040dca1bc96390c0fc866e80c4a3a373c8b6a14b4e

SHA512
3590d4ed40f71a3f1028e806bf66a5d972132551d7f6c8056dee4d85126aa9ed3ecbc6c648310114179122fa71e419d237190ec404593b5dfb36ca54961ec26c

Download Submit
C:\Program Files (x86)\Unraid USB Creator\QtQuick.2\qmldir

Filesize
131B

MD5
d2cf96786ce59e93a2feb2178603a27f

SHA1
7478dfedcd7ac1795bf4ff2732ef716ec82b061a

SHA256
b6f63056ade6925aa070d3b2bd4133d26e80df4ea2719e81ad90027e19661ae8

SHA512
4fcde288c6a690728f919b70308b3bb2ead62c40223bea14e52ec5f3ef74f5467b1930f419df77d78b8d50e84ec81a1fe78cc9a3b42c4a6d261ba77c654a1714

Download Submit
C:\Program Files (x86)\Unraid USB Creator\QtQuick.2\qtquick2plugin.dll

Filesize
55KB

MD5
bc48935d7fb9d87eed3994024f1071f8

SHA1
9cea445364aae84a38d3e79b5aabdffd4229a284

SHA256
6fccb1c95c2198d15d818e640d7849af9215e741ebbaceecfee3f3315f90b0ae

SHA512
95dc78983ba867883766a3d2a988d56bd9c9a6252e8231e631a294c5a9cee3647862909f0282284d6c5d734d41685b8ca53823538bb23a7549098e5477676720

Download Submit
C:\Program Files (x86)\Unraid USB Creator\QtQuick\Controls.2\qmldir

Filesize
140B

MD5
659ed029afaeabbe4235968ff5292736

SHA1
565ceba5b695eebbf28030965ee5929c2a5a2346

SHA256
7b404175bb8e2b0d3822e75320c8d6d09c61bb53f4513c235a7d04ac7d34fd57

SHA512
41fcb039c054c7decb9fc7ca198f3218dc0965813758b66c5b8b174b732040a33f2d3f54037aec7a9c48af5cd3bcc798ddd41c7458924b8c9bdd49a38846195b

Download Submit
C:\Program Files (x86)\Unraid USB Creator\QtQuick\Controls.2\qtquickcontrols2plugin.dll

Filesize
922KB

MD5
b64cdbba8f86ad1570980766ba01fc04

SHA1
f22fb76a9240414408cf732561a7306d1b49c49f

SHA256
9e7ae57b5f45ebca1f9130a238850910fb3d0124eaf69c219d94db0e74ec4c99

SHA512
13b03e6e0ee0c9497002ffe16956c498b4d6d5d40168e208d35039de58578a7d1b3d37dc3133344dec34072f0ec53a84f9e3061df97c0399fe825ac8aa77ebf1

Download Submit
C:\Program Files (x86)\Unraid USB Creator\QtQuick\Window.2\qmldir

Filesize
122B

MD5
c434589591a9b33cbe88891afbb7c144

SHA1
42476fb63f3cf463b4bb03b47048aa0918e588b5

SHA256
8d88b81547e1573f8c91df998ea82608e0a79770b014c82f760a67388b41945a

SHA512
5a09830970ea37942166c1e5e5ce0fe452290eb9cd662ffaa9858bdb61806caa03b1016d30c98871a7b6c8fdfa369e29e3940a5f9779d967b98ede5901f4d30f

Download Submit
C:\Program Files (x86)\Unraid USB Creator\QtQuick\Window.2\windowplugin.dll

Filesize
157KB

MD5
aaa6f063228fe0f039fbfbdd71350b52

SHA1
0191185074bd6ae95910a9abc33245d68501fd01

SHA256
9ce4c676795449331955fbe0475b0ced2672d9f2e3693df06dae8a354306614c

SHA512
0f5626fa285c914407debbb815c8a867da19cc50f0e08303d67783d57a5cb5ed73cdcbde7273b4cd19a576bb4dcfbf4b88d1e2b00003e3519c61e6a89681a31d

Download Submit
C:\Program Files (x86)\Unraid USB Creator\bearer\qgenericbearer.dll

Filesize
156KB

MD5
0cd5e6423509f722a14ea18cdbff9131

SHA1
f7e3dfbf13cf500d66239c6ebbace4d5b596c9d3

SHA256
196b17ace66fcba78ca81ed6bf26071b4d953a7c6d86604305080cfcd8130b2b

SHA512
d42bef1c5a5ece868171e4944a008e9c58ba4dfbe55fba4814c903c9eec5c651ad2a9b579c7fa06171f498ed8789954e91215e3d10369bfe8e7c3098777b85a4

Download Submit
C:\Program Files (x86)\Unraid USB Creator\iconengines\qsvgicon.dll

Filesize
96KB

MD5
0e84e74db3c3c6318b1e436cbc3bc9bd

SHA1
2417d9359b8d77523647bccc3de9f469846cd4a2

SHA256
aab86d4b897a38043f79c01ddbb5655e838dc3f907d9579ccce2b4a4299cd588

SHA512
dbeeb50f7955d912436353a9063b1ede40d2e60594896569ea64950c85f69c8cf5e1f2bfe297a09da24b891fe351a53f4d519dc19a5b976e6a81898d384afe3f

Download Submit
C:\Program Files (x86)\Unraid USB Creator\imageformats\qicns.dll

Filesize
96KB

MD5
d4f3874acb16d7da9b47e03166f738f7

SHA1
c113e2508c1c919123659dcd9c121ffd79e27516

SHA256
dab35f7cf1241ed3cec03bd7fe21c19e188308dd271b71307b2b135c7ea6befb

SHA512
4ea7192d5f9204dcb82916e7405c87ef857db9040b863c39cf2e6d2ec826bcfd7dffa3ddd9dc3bc9b88cfe5f20c36a5e203eca0346d739cd11a491809c3203f7

Download Submit
C:\Program Files (x86)\Unraid USB Creator\imageformats\qico.dll

Filesize
81KB

MD5
1323ccaa656e019b2cf3ce8604527bb1

SHA1
7c0a04f58cc920aa75d655acfb857cf40fa643f8

SHA256
09fa3fb14c3f2d5e0703bb4a7c0294b0fa43d0804e894fc428bcdcde5605cf27

SHA512
cf5fda6564259b8a570b491c19fee6c9e52d6226d6085c9bbe29a648978c70421e37d6dd94b77608495e5e8127db6e31f14c937d55fbcd1152ead98a4df4cb60

Download Submit
C:\Program Files (x86)\Unraid USB Creator\imageformats\qjpeg.dll

Filesize
476KB

MD5
9fb6482c0659d0a441a54b81232d64e1

SHA1
f0697271cc8f618d1305c0ed882d46791c42de68

SHA256
b15aeacee8e9d5490ee222c84ea2505e2c44893228e2b07e08158cdb9e01e6ab

SHA512
04546439ce8d9420549ac1bc670e71e7b5aa6c7cbc36e0d8e20900f0d582c62f967939e780680b02906c96f644f962b106f24a8521eb4019a638ac76118c3685

Download Submit
C:\Program Files (x86)\Unraid USB Creator\imageformats\qsvg.dll

Filesize
72KB

MD5
85d6831f35b51c402fa8d3e669f6fbcc

SHA1
432429d425c44cf42b24cbeb46ef9f5767ecb6ce

SHA256
de24ec415cd1bdbeaff32f10f5cad3315cc548b4de2acd8ed3a0386a8c772aae

SHA512
31fb7a5148831e01a41b5f819b362306204e3125cf89e09c296220252d0e09181c3b31eb767e5159b29bceef055fbc616102ad7e2c1ebcc90ff3d8e72ce6ebc5

Download Submit
C:\Program Files (x86)\Unraid USB Creator\imageformats\qtga.dll

Filesize
68KB

MD5
8ddae0d848400076e87bc9eb7b012feb

SHA1
42d85b443c5a2466c6389b17a622607d02969b48

SHA256
8eaf9d6e983b86b17aa7231b661d0ae17047239d9eaffc873fcfb1ee8f006a72

SHA512
44fb65a92e9a5032849c29a738d6cf2807c4fcbd767a136ef1823f67958a186c97c29fc4b7197f24d6aa1b51a11f6a0998418bd2675a95e368337c78d1b140e2

Download Submit
C:\Program Files (x86)\Unraid USB Creator\imageformats\qwbmp.dll

Filesize
67KB

MD5
76ca2612c03f2fd2f54dee7d217786c2

SHA1
ffc184e6e5b69fc7afeb0ec9104b18dbba34cfad

SHA256
d1903311c33a9f29af3b9a71f6f2534f1dca03627214d032133064586aa34b3e

SHA512
f23a0cce9ae220234730629e95be4db3b8d8faeec6dc9e3cece3bf8c424af4777f7311a0608b90ad1302eec537711291fee21350e403140d86f60c1f8edce3d0

Download Submit
C:\Program Files (x86)\Unraid USB Creator\libcrypto-1_1.dll

Filesize
3.1MB

MD5
97b0d80c9ac831207fa1d80fdbc1f4ca

SHA1
24f63bb64e4c098a07b84603b9db31d2faf747dc

SHA256
4c754c7b92fe58d8432ad438597a799a724aec949baf481a162da996b9e4d301

SHA512
b5de053b48d7d94d1dbf78d79e3cca19a36f1e797b4e28c238fb5e3df4e226486b31562958e64164db2e18a851d1f2c36ecd0df93573dd85ce8d7c91de9aa490

Download Submit
C:\Program Files (x86)\Unraid USB Creator\libgcc_s_dw2-1.dll

Filesize
113KB

MD5
9aec524b616618b0d3d00b27b6f51da1

SHA1
64264300801a353db324d11738ffed876550e1d3

SHA256
59a466f77584438fc3abc0f43edc0fc99d41851726827a008841f05cfe12da7e

SHA512
0648a26940e8f4aad73b05ad53e43316dd688e5d55e293cce88267b2b8744412be2e0d507dadad830776bf715bcd819f00f5d1f7ac1c5f1c4f682fb7457a20d0

Download Submit
C:\Program Files (x86)\Unraid USB Creator\libstdc++-6.dll

Filesize
1.5MB

MD5
051973a1420749e10d007049f15a30ab

SHA1
27141d4e7847e16f3cedd487dd3f074811556ff1

SHA256
672458902acead23b1a4dbca8b26e51324e88948196bc30d68703d45547898e8

SHA512
0f105ba29af981afe3a43e6d789f5df8a501c252d3f46bf730d5c92c98358c6656cbdc7bd7d5a0d4c5357ae0acb1144828358b07cf2b1515512ca9b4d3f047fa

Download Submit
C:\Program Files (x86)\Unraid USB Creator\libwinpthread-1.dll

Filesize
46KB

MD5
ed53eee1623a43e9ae174262169f0f2e

SHA1
4bf7e9fa40878e19d6d7b8277982ed958681af86

SHA256
0b5532f93126db45689d7e3162cfc6951f78738a182e52712bb2c71980468f23

SHA512
dce1bc89033313934323e9ad1fd0ef7a525df0fd8f2f7c64b5ca8f5e7780b5526ce9e1fff408f8a00b46f718763d492eae059b7d11d873eea3186e8584dca53c

Download Submit
C:\Program Files (x86)\Unraid USB Creator\platforms\qwindows.dll

Filesize
2.9MB

MD5
10de385a50aba297f8b92fb2eeaca1a3

SHA1
b1506e0f27f0661e3c46d2389159b8fc1fdc704b

SHA256
bd092da50a3d1d5113d0f5404bc8854faabc4875dd3247c81c4267fe8599e338

SHA512
29e8781cf4c98a2ea4d97cc0dd5f8bcfc8825caec55bd5d82c7124a4668c6823605910ac4f14d1a26fe46dfadc9bc8957c3c69b35d81837f8fc1f8d958e41f2c

Download Submit
C:\Program Files (x86)\Unraid USB Creator\styles\qwindowsvistastyle.dll

Filesize
332KB

MD5
f17db40c8253fab8642753677453c49c

SHA1
db14600290a48153481e5d84a378b08d8c55bcfb

SHA256
5e6bfaf6dcd4446ff34a6a385652923c470037963235072e624887d1bca98565

SHA512
b9ab3f59dd87e3f0752fcceec596ffa306b0bba6cba9864760e1a9b87ebbe0fc9c22adf8181bf6ec45973d774f91dbb6dc439809eea892cf92b7334a11212a29

Download Submit
C:\Program Files (x86)\Unraid USB Creator\unraid-usb-creator.exe

Filesize
4.5MB

MD5
dc000b09ac02561d809167d744dcfa87

SHA1
620402730218a23e9c9986fedb2109876d1e58f7

SHA256
08e5e3968546df321e444557a7376aaa61307f66b49276e82d94c3d3032d2af7

SHA512
d8344c260caf50f15e2f9ed607061b91111bc2de6aca752e4c6d347727af028c9e72187f4427d67dfd7d35b7d730a4d71c45f039b1657284963add912cfaa15f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133730082025033486.txt

Filesize
75KB

MD5
829802a891b973a4e617e5b1bda16c95

SHA1
2ab297ac53753fba2216ae6fa173dc291a83e0ae

SHA256
590eac77eb5fdead9b215b2379732260286a1a9ab043e84f5d088a3460b1d8e0

SHA512
7c9032b946e1e4c72530b674a2b4bfe878eb26669816bb81bf0469da2d0418add231df4101ff2c07312d2b803049f2f92befc413046433519bc8f226c4315f03

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuC4E8.tmp\InstallOptions.dll

Filesize
15KB

MD5
d095b082b7c5ba4665d40d9c5042af6d

SHA1
2220277304af105ca6c56219f56f04e894b28d27

SHA256
b2091205e225fc07daf1101218c64ce62a4690cacac9c3d0644d12e93e4c213c

SHA512
61fb5cf84028437d8a63d0fda53d9fe0f521d8fe04e96853a5b7a22050c4c4fb5528ff0cdbb3ae6bc74a5033563fc417fc7537e4778227c9fd6633ae844c47d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuC4E8.tmp\System.dll

Filesize
12KB

MD5
4add245d4ba34b04f213409bfe504c07

SHA1
ef756d6581d70e87d58cc4982e3f4d18e0ea5b09

SHA256
9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706

SHA512
1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuC4E8.tmp\ioSpecial.ini

Filesize
1KB

MD5
2cc61cd6effd0549fc42f12ef08563f9

SHA1
3d00db2b894d68dc0ba257866e3002ae11612b15

SHA256
9230ab22ded9cd414eed65e29541584bcbc81ee9711663afd9848829b5b684c0

SHA512
449024e2520ae23eec79935b4a86fd5b1cd89f80b56109295f4a98bb9fbc5df58ee71510e64bb2854dd4fbafe15de1332072277c7442d925e3e843cb162dfe45

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuC4E8.tmp\ioSpecial.ini

Filesize
1KB

MD5
484b34321d9fd647a7e668c1d4f04f5a

SHA1
8c8115361cb2b27160d2568a6d3b376472e24b4e

SHA256
497c2ab91342a697d2dbecf253eabbee07df8b6f0bfd1c5b609c4e61ce19f28f

SHA512
4f31d4ef71cafe4adf28621831ac11ec2f782dd16a9f5ad7dc611db349f341cee52f49cd5384b07c36e65136972b81b212394b02c09522e358d7399429e7e0b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsuC4E8.tmp\ioSpecial.ini

Filesize
1KB

MD5
4b9c083cb00b65ed200db148decf55a6

SHA1
3b17cb23743a801df7091dace2759067377f44f4

SHA256
8f65cf7fee2f19501f24086222d08137c00aa6eed779d7faaa8d12e9613915b8

SHA512
f127f1022ddb0e73914d446ffdbc40126ba40296e71c565c6218c013372bbcedd53f032d8e9a0d89b4f070c0aaa2a190684fbd2be7f910172d7702635fecd0c9

Download Submit
memory/1812-86-0x0000000074515000-0x0000000074516000-memory.dmp

Filesize
4KB

Download
memory/1812-85-0x0000000004A30000-0x0000000004A31000-memory.dmp

Filesize
4KB

Download
memory/2316-684-0x00000000091C0000-0x00000000091C1000-memory.dmp

Filesize
4KB

Download
memory/2316-626-0x0000000005BB0000-0x00000000060AC000-memory.dmp

Filesize
5.0MB

Download
memory/2316-665-0x00000000091A0000-0x00000000091A1000-memory.dmp

Filesize
4KB

Download
memory/2316-663-0x0000000006530000-0x0000000006531000-memory.dmp

Filesize
4KB

Download
memory/2316-662-0x0000000006530000-0x0000000006531000-memory.dmp

Filesize
4KB

Download
memory/2316-661-0x0000000006530000-0x0000000006531000-memory.dmp

Filesize
4KB

Download
memory/2316-660-0x0000000006530000-0x0000000006531000-memory.dmp

Filesize
4KB

Download
memory/2316-659-0x0000000006520000-0x0000000006521000-memory.dmp

Filesize
4KB

Download
memory/2316-658-0x0000000006520000-0x0000000006521000-memory.dmp

Filesize
4KB

Download
memory/2316-657-0x0000000006530000-0x0000000006531000-memory.dmp

Filesize
4KB

Download
memory/2316-656-0x0000000006530000-0x0000000006531000-memory.dmp

Filesize
4KB

Download
memory/2316-654-0x0000000006520000-0x0000000006521000-memory.dmp

Filesize
4KB

Download
memory/2316-653-0x0000000006520000-0x0000000006521000-memory.dmp

Filesize
4KB

Download
memory/2316-652-0x0000000006520000-0x0000000006521000-memory.dmp

Filesize
4KB

Download
memory/2316-651-0x0000000006520000-0x0000000006521000-memory.dmp

Filesize
4KB

Download
memory/2316-650-0x0000000006520000-0x0000000006521000-memory.dmp

Filesize
4KB

Download
memory/2316-649-0x0000000006520000-0x0000000006521000-memory.dmp

Filesize
4KB

Download
memory/2316-648-0x0000000006520000-0x0000000006521000-memory.dmp

Filesize
4KB

Download
memory/2316-647-0x0000000006520000-0x0000000006521000-memory.dmp

Filesize
4KB

Download
memory/2316-646-0x0000000006520000-0x0000000006521000-memory.dmp

Filesize
4KB

Download
memory/2316-645-0x0000000006520000-0x0000000006521000-memory.dmp

Filesize
4KB

Download
memory/2316-644-0x0000000006520000-0x0000000006521000-memory.dmp

Filesize
4KB

Download
memory/2316-642-0x0000000006500000-0x0000000006501000-memory.dmp

Filesize
4KB

Download
memory/2316-641-0x0000000006500000-0x0000000006501000-memory.dmp

Filesize
4KB

Download
memory/2316-640-0x0000000006D40000-0x0000000007192000-memory.dmp

Filesize
4.3MB

Download
memory/2316-638-0x0000000006D40000-0x0000000007192000-memory.dmp

Filesize
4.3MB

Download
memory/2316-667-0x00000000091A0000-0x00000000091A1000-memory.dmp

Filesize
4KB

Download
memory/2316-668-0x00000000091A0000-0x00000000091A1000-memory.dmp

Filesize
4KB

Download
memory/2316-628-0x0000000005BB0000-0x00000000060AC000-memory.dmp

Filesize
5.0MB

Download
memory/2316-666-0x00000000091A0000-0x00000000091A1000-memory.dmp

Filesize
4KB

Download
memory/2316-669-0x00000000091A0000-0x00000000091A1000-memory.dmp

Filesize
4KB

Download
memory/2316-670-0x0000000006530000-0x0000000006531000-memory.dmp

Filesize
4KB

Download
memory/2316-671-0x00000000091A0000-0x00000000091A1000-memory.dmp

Filesize
4KB

Download
memory/2316-672-0x00000000091A0000-0x00000000091A1000-memory.dmp

Filesize
4KB

Download
memory/2316-673-0x00000000091A0000-0x00000000091A1000-memory.dmp

Filesize
4KB

Download
memory/2316-612-0x0000000004D30000-0x0000000005170000-memory.dmp

Filesize
4.2MB

Download
memory/2316-675-0x00000000091B0000-0x00000000091B1000-memory.dmp

Filesize
4KB

Download
memory/2316-676-0x00000000091A0000-0x00000000091A1000-memory.dmp

Filesize
4KB

Download
memory/2316-677-0x00000000091B0000-0x00000000091B1000-memory.dmp

Filesize
4KB

Download
memory/2316-678-0x00000000091B0000-0x00000000091B1000-memory.dmp

Filesize
4KB

Download
memory/2316-679-0x00000000091A0000-0x00000000091A1000-memory.dmp

Filesize
4KB

Download
memory/2316-680-0x00000000091B0000-0x00000000091B1000-memory.dmp

Filesize
4KB

Download
memory/2316-681-0x00000000091B0000-0x00000000091B1000-memory.dmp

Filesize
4KB

Download
memory/2316-682-0x0000000006530000-0x0000000006531000-memory.dmp

Filesize
4KB

Download
memory/2316-685-0x00000000091C0000-0x00000000091C1000-memory.dmp

Filesize
4KB

Download
memory/2316-579-0x00000000012C0000-0x00000000018F1000-memory.dmp

Filesize
6.2MB

Download
memory/2316-578-0x0000000068A81000-0x0000000068E0B000-memory.dmp

Filesize
3.5MB

Download
memory/2316-575-0x00000000012C0000-0x00000000018F1000-memory.dmp

Filesize
6.2MB

Download
memory/2316-686-0x00000000091B0000-0x00000000091B1000-memory.dmp

Filesize
4KB

Download
memory/2316-687-0x00000000091C0000-0x00000000091C1000-memory.dmp

Filesize
4KB

Download
memory/2316-688-0x00000000091B0000-0x00000000091B1000-memory.dmp

Filesize
4KB

Download
memory/2316-689-0x00000000091C0000-0x00000000091C1000-memory.dmp

Filesize
4KB

Download
memory/2316-636-0x0000000068A80000-0x000000006911A000-memory.dmp

Filesize
6.6MB

Download
memory/2316-637-0x0000000068A80000-0x000000006911A000-memory.dmp

Filesize
6.6MB

Download
memory/2316-614-0x0000000005170000-0x0000000005370000-memory.dmp

Filesize
2.0MB

Download
memory/2316-577-0x0000000061B40000-0x000000006225D000-memory.dmp

Filesize
7.1MB

Download
memory/2316-1006-0x0000000068A80000-0x000000006911A000-memory.dmp

Filesize
6.6MB

Download