Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
  • submitted
    03-12-2024 13:38

General

  • Target

    57e04b94013d53c69084e954941a47677ff80afdfd8f1c062788b6f66ac74a77.exe

  • Size

    8.7MB

  • MD5

    80add80d0def80a44a491a31f18de4f8

  • SHA1

    519a96705528c5842291e0bc7eafabd59b0c4f57

  • SHA256

    57e04b94013d53c69084e954941a47677ff80afdfd8f1c062788b6f66ac74a77

  • SHA512

    4c112331d1e82e8175e82f4862919f7b1dfc62861e07187b35a6612a9b27eb4efc701936edf989887aacbd408200ed881314e3c0d3e20e646f7d023a777c2338

  • SSDEEP

    196608:eDq9xBWOQiznaMYaaSDaJThbnFG3gOn4e11bUNhOsOqBOxda7Zy:kq96OQizaMAbThR6gC4ShPFqM87Zy

Malware Config

Signatures

  • Vjw0rm

    Vjw0rm is a remote access trojan written in JavaScript.

  • Vjw0rm family
  • Blocklisted process makes network request 5 IoCs
  • Drops file in Drivers directory 9 IoCs
  • Modifies Windows Firewall 2 TTPs 1 IoCs
  • ACProtect 1.3x - 1.4x DLL software 3 IoCs

    Detects file using ACProtect software.

  • Drops startup file 2 IoCs
  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

  • Executes dropped EXE 7 IoCs
  • Loads dropped DLL 64 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application 2 TTPs 5 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Installs/modifies Browser Helper Object 2 TTPs 8 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 3 IoCs
  • Command and Scripting Interpreter: JavaScript 1 TTPs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

  • System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Kills process with taskkill 7 IoCs
  • Modifies Internet Explorer settings 1 TTPs 44 IoCs
  • Modifies registry class 64 IoCs
  • Runs net.exe
  • Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: LoadsDriver 18 IoCs
  • Suspicious use of AdjustPrivilegeToken 37 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 17 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\57e04b94013d53c69084e954941a47677ff80afdfd8f1c062788b6f66ac74a77.exe
    "C:\Users\Admin\AppData\Local\Temp\57e04b94013d53c69084e954941a47677ff80afdfd8f1c062788b6f66ac74a77.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2364
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\info.js"
      2⤵
      • Blocklisted process makes network request
      • Drops startup file
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2348
      • C:\Windows\SysWOW64\schtasks.exe
        "C:\Windows\System32\schtasks.exe" /create /sc minute /mo 30 /tn Anydesk /tr "C:\Users\Admin\AppData\Local\Temp\info.js
        3⤵
        • Scheduled Task/Job: Scheduled Task
        PID:2736
    • C:\Users\Admin\AppData\Local\Temp\setup.exe
      "C:\Users\Admin\AppData\Local\Temp\setup.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious use of WriteProcessMemory
      PID:1796
      • C:\Windows\SysWOW64\netsh.exe
        netsh.exe advfirewall firewall delete rule name="all" remoteip=95.141.193.133
        3⤵
        • Modifies Windows Firewall
        • Event Triggered Execution: Netsh Helper DLL
        PID:2476
      • C:\Windows\SysWOW64\route.exe
        route.exe delete 95.141.193.133
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2636
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\system32\cmd.exe" /C START /WAIT /MIN CMD.EXE /C "C:\Users\Admin\AppData\Local\Temp\nsjD3D5.tmp\Cleanup.cmd"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2952
        • C:\Windows\SysWOW64\cmd.exe
          CMD.EXE /C "C:\Users\Admin\AppData\Local\Temp\nsjD3D5.tmp\Cleanup.cmd"
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:1588
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\system32\cmd.exe /c whoami /user /fo list
            5⤵
            • Suspicious use of WriteProcessMemory
            PID:2296
            • C:\Windows\SysWOW64\whoami.exe
              whoami /user /fo list
              6⤵
              • Suspicious use of AdjustPrivilegeToken
              PID:2224
          • C:\Windows\SysWOW64\reg.exe
            reg query HKU\S-1-5-19
            5⤵
            PID:2076
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill /IM "IDMan.exe" /F
            5⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            • Suspicious use of AdjustPrivilegeToken
            PID:2584
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill /IM "IEMonitor.exe" /F
            5⤵
            • Kills process with taskkill
            • Suspicious use of AdjustPrivilegeToken
            PID:2188
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill /IM "IDMGrHlp.exe" /F
            5⤵
            • Kills process with taskkill
            • Suspicious use of AdjustPrivilegeToken
            PID:944
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill /IM "idmBroker.exe" /F
            5⤵
            • Kills process with taskkill
            • Suspicious use of AdjustPrivilegeToken
            PID:1516
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill /IM "IDMIntegrator64.exe" /F
            5⤵
            • Kills process with taskkill
            • Suspicious use of AdjustPrivilegeToken
            PID:2988
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill /IM "IDMMsgHost.exe" /F
            5⤵
            • Kills process with taskkill
            • Suspicious use of AdjustPrivilegeToken
            PID:1384
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill /IM "MediumILStart.exe" /F
            5⤵
            • System Location Discovery: System Language Discovery
            • Kills process with taskkill
            • Suspicious use of AdjustPrivilegeToken
            PID:1864
          • C:\Windows\SysWOW64\reg.exe
            REG DELETE "HKLM\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}" /f
            5⤵
            PID:572
          • C:\Windows\SysWOW64\reg.exe
            reg query "HKLM\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
            5⤵
            PID:2068
          • C:\Windows\SysWOW64\reg.exe
            reg query "HKLM\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
            5⤵
            • System Location Discovery: System Language Discovery
            PID:1728
          • C:\Windows\SysWOW64\reg.exe
            REG DELETE "HKLM\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}" /f
            5⤵
            • System Location Discovery: System Language Discovery
            PID:1952
          • C:\Windows\SysWOW64\reg.exe
            reg query "HKLM\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
            5⤵
            PID:316
          • C:\Windows\SysWOW64\reg.exe
            reg query "HKLM\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
            5⤵
            • System Location Discovery: System Language Discovery
            PID:468
          • C:\Windows\SysWOW64\reg.exe
            REG DELETE "HKLM\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}" /f
            5⤵
            PID:1124
          • C:\Windows\SysWOW64\reg.exe
            reg query "HKLM\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
            5⤵
            PID:912
          • C:\Windows\SysWOW64\reg.exe
            reg query "HKLM\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
            5⤵
            PID:628
          • C:\Windows\SysWOW64\reg.exe
            REG DELETE "HKLM\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}" /f
            5⤵
            PID:952
          • C:\Windows\SysWOW64\reg.exe
            reg query "HKLM\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
            5⤵
            PID:1168
          • C:\Windows\SysWOW64\reg.exe
            reg query "HKLM\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
            5⤵
            PID:3016
          • C:\Windows\SysWOW64\reg.exe
            REG DELETE "HKLM\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}" /f
            5⤵
            • System Location Discovery: System Language Discovery
            PID:1800
          • C:\Windows\SysWOW64\reg.exe
            reg query "HKLM\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
            5⤵
            • System Location Discovery: System Language Discovery
            PID:1772
          • C:\Windows\SysWOW64\reg.exe
            reg query "HKLM\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
            5⤵
            PID:1816
          • C:\Windows\SysWOW64\reg.exe
            REG DELETE "HKLM\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}" /f
            5⤵
            PID:2292
          • C:\Windows\SysWOW64\reg.exe
            reg query "HKLM\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
            5⤵
            • System Location Discovery: System Language Discovery
            PID:1492
          • C:\Windows\SysWOW64\reg.exe
            reg query "HKLM\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
            5⤵
            • System Location Discovery: System Language Discovery
            PID:2512
          • C:\Windows\SysWOW64\reg.exe
            REG DELETE "HKLM\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}" /f
            5⤵
            • System Location Discovery: System Language Discovery
            PID:1040
          • C:\Windows\SysWOW64\reg.exe
            reg query "HKLM\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
            5⤵
            PID:1980
          • C:\Windows\SysWOW64\reg.exe
            reg query "HKLM\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
            5⤵
            • System Location Discovery: System Language Discovery
            PID:2304
          • C:\Windows\SysWOW64\reg.exe
            REG DELETE "HKLM\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}" /f
            5⤵
            PID:292
          • C:\Windows\SysWOW64\reg.exe
            reg query "HKLM\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
            5⤵
            PID:2544
          • C:\Windows\SysWOW64\reg.exe
            reg query "HKLM\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
            5⤵
            PID:2340
          • C:\Windows\SysWOW64\reg.exe
            REG DELETE "HKLM\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}" /f
            5⤵
            PID:1724
          • C:\Windows\SysWOW64\reg.exe
            reg query "HKLM\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
            5⤵
            PID:1368
          • C:\Windows\SysWOW64\reg.exe
            reg query "HKLM\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
            5⤵
            PID:1536
          • C:\Windows\SysWOW64\reg.exe
            REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}" /f
            5⤵
            • System Location Discovery: System Language Discovery
            PID:2572
          • C:\Windows\SysWOW64\reg.exe
            reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
            5⤵
            • System Location Discovery: System Language Discovery
            PID:992
          • C:\Windows\SysWOW64\reg.exe
            reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
            5⤵
            PID:2300
          • C:\Windows\SysWOW64\reg.exe
            REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}" /f
            5⤵
            PID:1652
          • C:\Windows\SysWOW64\reg.exe
            reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
            5⤵
            • System Location Discovery: System Language Discovery
            PID:1672
          • C:\Windows\SysWOW64\reg.exe
            reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
            5⤵
            • System Location Discovery: System Language Discovery
            PID:1740
          • C:\Windows\SysWOW64\reg.exe
            REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}" /f
            5⤵
            PID:1924
          • C:\Windows\SysWOW64\reg.exe
            reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
            5⤵
            • System Location Discovery: System Language Discovery
            PID:1752
          • C:\Windows\SysWOW64\reg.exe
            reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
            5⤵
            PID:1828
          • C:\Windows\SysWOW64\reg.exe
            REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}" /f
            5⤵
            PID:1052
          • C:\Windows\SysWOW64\reg.exe
            reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
            5⤵
            PID:1000
          • C:\Windows\SysWOW64\reg.exe
            reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
            5⤵
            • System Location Discovery: System Language Discovery
            PID:1248
          • C:\Windows\SysWOW64\reg.exe
            REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}" /f
            5⤵
            • System Location Discovery: System Language Discovery
            PID:1972
          • C:\Windows\SysWOW64\reg.exe
            reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
            5⤵
            • System Location Discovery: System Language Discovery
            PID:888
          • C:\Windows\SysWOW64\reg.exe
            reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
            5⤵
            • System Location Discovery: System Language Discovery
            PID:2564
          • C:\Windows\SysWOW64\reg.exe
            REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}" /f
            5⤵
            • System Location Discovery: System Language Discovery
            PID:2248
          • C:\Windows\SysWOW64\reg.exe
            reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
            5⤵
            PID:3040
          • C:\Windows\SysWOW64\reg.exe
            reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
            5⤵
            PID:1436
          • C:\Windows\SysWOW64\reg.exe
            REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}" /f
            5⤵
            • System Location Discovery: System Language Discovery
            PID:3044
          • C:\Windows\SysWOW64\reg.exe
            reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
            5⤵
            PID:1572
          • C:\Windows\SysWOW64\reg.exe
            reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
            5⤵
            • System Location Discovery: System Language Discovery
            PID:1584
          • C:\Windows\SysWOW64\reg.exe
            REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}" /f
            5⤵
            PID:1576
          • C:\Windows\SysWOW64\reg.exe
            reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
            5⤵
            PID:1688
          • C:\Windows\SysWOW64\reg.exe
            reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
            5⤵
            PID:1940
          • C:\Windows\SysWOW64\reg.exe
            REG DELETE "HKLM\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}" /f
            5⤵
            PID:2540
          • C:\Windows\SysWOW64\reg.exe
            reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
            5⤵
            PID:2560
          • C:\Windows\SysWOW64\reg.exe
            reg query "HKLM\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
            5⤵
            PID:1944
          • C:\Windows\SysWOW64\reg.exe
            REG DELETE "HKCU\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}" /f
            5⤵
            • System Location Discovery: System Language Discovery
            PID:2360
          • C:\Windows\SysWOW64\reg.exe
            reg query "HKCU\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
            5⤵
            PID:2016
          • C:\Windows\SysWOW64\reg.exe
            reg query "HKCU\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
            5⤵
            PID:2996
          • C:\Windows\SysWOW64\reg.exe
            REG DELETE "HKCU\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}" /f
            5⤵
            PID:2948
          • C:\Windows\SysWOW64\reg.exe
            reg query "HKCU\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
            5⤵
            PID:2124
          • C:\Windows\SysWOW64\reg.exe
            reg query "HKCU\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
            5⤵
            • System Location Discovery: System Language Discovery
            PID:2148
          • C:\Windows\SysWOW64\reg.exe
            REG DELETE "HKCU\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}" /f
            5⤵
            • System Location Discovery: System Language Discovery
            PID:2580
          • C:\Windows\SysWOW64\reg.exe
            reg query "HKCU\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
            5⤵
            PID:2364
          • C:\Windows\SysWOW64\reg.exe
            reg query "HKCU\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
            5⤵
            PID:2328
          • C:\Windows\SysWOW64\reg.exe
            REG DELETE "HKCU\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}" /f
            5⤵
            PID:2728
          • C:\Windows\SysWOW64\reg.exe
            reg query "HKCU\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
            5⤵
            PID:2320
          • C:\Windows\SysWOW64\reg.exe
            reg query "HKCU\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
            5⤵
            PID:2916
          • C:\Windows\SysWOW64\reg.exe
            REG DELETE "HKCU\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}" /f
            5⤵
            PID:2492
          • C:\Windows\SysWOW64\reg.exe
            reg query "HKCU\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
            5⤵
            PID:2808
          • C:\Windows\SysWOW64\reg.exe
                                                                                                      reg query "HKCU\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
                                                                                                      5⤵
                                                                                                        PID:2944
                                                                                                      • C:\Windows\SysWOW64\reg.exe
                                                                                                        REG DELETE "HKCU\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}" /f
                                                                                                        5⤵
                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                        PID:2804
                                                                                                      • C:\Windows\SysWOW64\reg.exe
                                                                                                        reg query "HKCU\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
                                                                                                        5⤵
                                                                                                          PID:2588
                                                                                                        • C:\Windows\SysWOW64\reg.exe
                                                                                                          reg query "HKCU\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
                                                                                                          5⤵
                                                                                                            PID:2640
                                                                                                          • C:\Windows\SysWOW64\reg.exe
                                                                                                            REG DELETE "HKCU\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}" /f
                                                                                                            5⤵
                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                            PID:2736
                                                                                                          • C:\Windows\SysWOW64\reg.exe
                                                                                                            reg query "HKCU\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
                                                                                                            5⤵
                                                                                                              PID:2472
                                                                                                            • C:\Windows\SysWOW64\reg.exe
                                                                                                              reg query "HKCU\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
                                                                                                              5⤵
                                                                                                                PID:2672
                                                                                                              • C:\Windows\SysWOW64\reg.exe
                                                                                                                REG DELETE "HKCU\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}" /f
                                                                                                                5⤵
                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                PID:2924
                                                                                                              • C:\Windows\SysWOW64\reg.exe
                                                                                                                reg query "HKCU\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
                                                                                                                5⤵
                                                                                                                  PID:2816
                                                                                                                • C:\Windows\SysWOW64\reg.exe
                                                                                                                  reg query "HKCU\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
                                                                                                                  5⤵
                                                                                                                    PID:2900
                                                                                                                  • C:\Windows\SysWOW64\reg.exe
                                                                                                                    REG DELETE "HKCU\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}" /f
                                                                                                                    5⤵
                                                                                                                      PID:2760
                                                                                                                    • C:\Windows\SysWOW64\reg.exe
                                                                                                                      reg query "HKCU\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
                                                                                                                      5⤵
                                                                                                                        PID:2620
                                                                                                                      • C:\Windows\SysWOW64\reg.exe
                                                                                                                        reg query "HKCU\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
                                                                                                                        5⤵
                                                                                                                          PID:2616
                                                                                                                        • C:\Windows\SysWOW64\reg.exe
                                                                                                                          REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}" /f
                                                                                                                          5⤵
                                                                                                                            PID:2668
                                                                                                                          • C:\Windows\SysWOW64\reg.exe
                                                                                                                            reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
                                                                                                                            5⤵
                                                                                                                              PID:2684
                                                                                                                            • C:\Windows\SysWOW64\reg.exe
                                                                                                                              reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
                                                                                                                              5⤵
                                                                                                                                PID:2648
                                                                                                                              • C:\Windows\SysWOW64\reg.exe
                                                                                                                                REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}" /f
                                                                                                                                5⤵
                                                                                                                                  PID:1696
                                                                                                                                • C:\Windows\SysWOW64\reg.exe
                                                                                                                                  reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
                                                                                                                                  5⤵
                                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                                  PID:2312
                                                                                                                                • C:\Windows\SysWOW64\reg.exe
                                                                                                                                  reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
                                                                                                                                  5⤵
                                                                                                                                    PID:2020
                                                                                                                                  • C:\Windows\SysWOW64\reg.exe
                                                                                                                                    REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}" /f
                                                                                                                                    5⤵
                                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                                    PID:2180
                                                                                                                                  • C:\Windows\SysWOW64\reg.exe
                                                                                                                                    reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
                                                                                                                                    5⤵
                                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                                    PID:1744
                                                                                                                                  • C:\Windows\SysWOW64\reg.exe
                                                                                                                                    reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
                                                                                                                                    5⤵
                                                                                                                                      PID:2496
                                                                                                                                    • C:\Windows\SysWOW64\reg.exe
                                                                                                                                      REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}" /f
                                                                                                                                      5⤵
                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                      PID:1984
                                                                                                                                    • C:\Windows\SysWOW64\reg.exe
                                                                                                                                      reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
                                                                                                                                      5⤵
                                                                                                                                        PID:2828
                                                                                                                                      • C:\Windows\SysWOW64\reg.exe
                                                                                                                                        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
                                                                                                                                        5⤵
                                                                                                                                          PID:1288
                                                                                                                                        • C:\Windows\SysWOW64\reg.exe
                                                                                                                                          REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}" /f
                                                                                                                                          5⤵
                                                                                                                                            PID:1208
                                                                                                                                          • C:\Windows\SysWOW64\reg.exe
                                                                                                                                            reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
                                                                                                                                            5⤵
                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                            PID:1960
                                                                                                                                          • C:\Windows\SysWOW64\reg.exe
                                                                                                                                            reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
                                                                                                                                            5⤵
                                                                                                                                              PID:1936
                                                                                                                                            • C:\Windows\SysWOW64\reg.exe
                                                                                                                                              REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}" /f
                                                                                                                                              5⤵
                                                                                                                                                PID:756
                                                                                                                                              • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
                                                                                                                                                5⤵
                                                                                                                                                  PID:1048
                                                                                                                                                • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                  reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
                                                                                                                                                  5⤵
                                                                                                                                                    PID:1856
                                                                                                                                                  • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                    REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}" /f
                                                                                                                                                    5⤵
                                                                                                                                                      PID:2000
                                                                                                                                                    • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                      reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
                                                                                                                                                      5⤵
                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                      PID:3012
                                                                                                                                                    • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                      reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
                                                                                                                                                      5⤵
                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                      PID:1844
                                                                                                                                                    • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                      REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}" /f
                                                                                                                                                      5⤵
                                                                                                                                                        PID:2704
                                                                                                                                                      • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                        reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
                                                                                                                                                        5⤵
                                                                                                                                                          PID:2508
                                                                                                                                                        • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                          reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
                                                                                                                                                          5⤵
                                                                                                                                                            PID:1404
                                                                                                                                                          • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                            REG DELETE "HKCU\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}" /f
                                                                                                                                                            5⤵
                                                                                                                                                              PID:2432
                                                                                                                                                            • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                              reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
                                                                                                                                                              5⤵
                                                                                                                                                                PID:1400
                                                                                                                                                              • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                reg query "HKCU\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
                                                                                                                                                                5⤵
                                                                                                                                                                  PID:1164
                                                                                                                                                                • C:\Windows\SysWOW64\reg.exe
  REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}" /f
  5⤵
  • System Location Discovery: System Language Discovery
  PID:2156
• C:\Windows\SysWOW64\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
  5⤵
  PID:2144
• C:\Windows\SysWOW64\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
  5⤵
  PID:1720
• C:\Windows\SysWOW64\reg.exe
  REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}" /f
  5⤵
  PID:2520
• C:\Windows\SysWOW64\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
  5⤵
  PID:1612
• C:\Windows\SysWOW64\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
  5⤵
  PID:2136
• C:\Windows\SysWOW64\reg.exe
  REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}" /f
  5⤵
  PID:2464
• C:\Windows\SysWOW64\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
  5⤵
  • System Location Discovery: System Language Discovery
  PID:2100
• C:\Windows\SysWOW64\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
  5⤵
  PID:2032
• C:\Windows\SysWOW64\reg.exe
  REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}" /f
  5⤵
  PID:2040
• C:\Windows\SysWOW64\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
  5⤵
  PID:1056
• C:\Windows\SysWOW64\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
  5⤵
  PID:2796
• C:\Windows\SysWOW64\reg.exe
  REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}" /f
  5⤵
  PID:1988
• C:\Windows\SysWOW64\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
  5⤵
  PID:1704
• C:\Windows\SysWOW64\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
  5⤵
  PID:2852
• C:\Windows\SysWOW64\reg.exe
  REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}" /f
  5⤵
  PID:1428
• C:\Windows\SysWOW64\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
  5⤵
  PID:1908
• C:\Windows\SysWOW64\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
  5⤵
  PID:2044
• C:\Windows\SysWOW64\reg.exe
  REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}" /f
  5⤵
  PID:2012
• C:\Windows\SysWOW64\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
  5⤵
  • System Location Discovery: System Language Discovery
  PID:376
• C:\Windows\SysWOW64\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
  5⤵
  PID:1160
• C:\Windows\SysWOW64\reg.exe
  REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}" /f
  5⤵
  PID:1764
• C:\Windows\SysWOW64\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
  5⤵
  • System Location Discovery: System Language Discovery
  PID:1620
• C:\Windows\SysWOW64\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
  5⤵
  PID:2984
• C:\Windows\SysWOW64\reg.exe
  REG DELETE "HKU\.DEFAULT\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}" /f
  5⤵
  PID:2140
• C:\Windows\SysWOW64\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
  5⤵
  PID:2656
• C:\Windows\SysWOW64\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
  5⤵
  PID:2224
• C:\Windows\SysWOW64\reg.exe
  REG DELETE "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}" /f
  5⤵
  PID:2296
• C:\Windows\SysWOW64\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
  5⤵
  PID:2076
• C:\Windows\SysWOW64\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}"
  5⤵
  PID:2244
• C:\Windows\SysWOW64\reg.exe
  REG DELETE "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}" /f
  5⤵
  PID:2284
• C:\Windows\SysWOW64\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
  5⤵
  PID:2212
• C:\Windows\SysWOW64\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{6DDF00DB-1234-46EC-8356-27E7B2051192}"
  5⤵
  PID:2444
• C:\Windows\SysWOW64\reg.exe
  REG DELETE "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}" /f
  5⤵
  PID:2376
• C:\Windows\SysWOW64\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
  5⤵
  PID:1556
• C:\Windows\SysWOW64\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{D5B91409-A8CA-4973-9A0B-59F713D25671}"
  5⤵
  PID:2188
• C:\Windows\SysWOW64\reg.exe
  REG DELETE "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}" /f
  5⤵
  PID:1748
• C:\Windows\SysWOW64\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
  5⤵
  PID:1084
• C:\Windows\SysWOW64\reg.exe
  reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}"
  5⤵
  PID:1360
                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                        REG DELETE "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}" /f
                                                                                                                                                                                                                                        5⤵
                                                                                                                                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                        PID:3064
                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
                                                                                                                                                                                                                                        5⤵
                                                                                                                                                                                                                                          PID:1036
                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                          reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{07999AC3-058B-40BF-984F-69EB1E554CA7}"
                                                                                                                                                                                                                                          5⤵
                                                                                                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                          PID:1324
                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                          REG DELETE "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}" /f
                                                                                                                                                                                                                                          5⤵
                                                                                                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                          PID:1516
                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                          reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
                                                                                                                                                                                                                                          5⤵
                                                                                                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                          PID:1088
                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                          reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{E8CF4E59-B7A3-41F2-86C7-82B03334F22A}"
                                                                                                                                                                                                                                          5⤵
                                                                                                                                                                                                                                            PID:828
                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                            REG DELETE "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}" /f
                                                                                                                                                                                                                                            5⤵
                                                                                                                                                                                                                                              PID:688
                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                              reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
                                                                                                                                                                                                                                              5⤵
                                                                                                                                                                                                                                                PID:2196
                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                                reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{9C9D53D4-A978-43FC-93E2-1C21B529E6D7}"
                                                                                                                                                                                                                                                5⤵
                                                                                                                                                                                                                                                  PID:1592
                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                                  REG DELETE "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}" /f
                                                                                                                                                                                                                                                  5⤵
                                                                                                                                                                                                                                                    PID:960
                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                                    reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
                                                                                                                                                                                                                                                    5⤵
                                                                                                                                                                                                                                                      PID:1508
                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                                      reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{79873CC5-3951-43ED-BDF9-D8759474B6FD}"
                                                                                                                                                                                                                                                      5⤵
                                                                                                                                                                                                                                                        PID:496
                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                                        REG DELETE "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}" /f
                                                                                                                                                                                                                                                        5⤵
                                                                                                                                                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                        PID:1568
                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                                        reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
                                                                                                                                                                                                                                                        5⤵
                                                                                                                                                                                                                                                          PID:2480
                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                                          reg query "HKU\.DEFAULT\Software\Classes\Wow6432Node\CLSID\{E6871B76-C3C8-44DD-B947-ABFFE144860D}"
                                                                                                                                                                                                                                                          5⤵
                                                                                                                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                          PID:1864
                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                                          REG DELETE "HKLM\Software\Internet Download Manager" /f
                                                                                                                                                                                                                                                          5⤵
                                                                                                                                                                                                                                                            PID:572
                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                                            reg query "HKLM\Software\Internet Download Manager"
                                                                                                                                                                                                                                                            5⤵
                                                                                                                                                                                                                                                              PID:2068
                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                                              reg query "HKLM\Software\Internet Download Manager"
                                                                                                                                                                                                                                                              5⤵
                                                                                                                                                                                                                                                                PID:1728
                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                                                REG DELETE "HKLM\Software\Wow6432Node\Internet Download Manager" /f
                                                                                                                                                                                                                                                                5⤵
                                                                                                                                                                                                                                                                  PID:1952
                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                                                  reg query "HKLM\Software\Wow6432Node\Internet Download Manager"
                                                                                                                                                                                                                                                                  5⤵
                                                                                                                                                                                                                                                                    PID:316
                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                                                    reg query "HKLM\Software\Wow6432Node\Internet Download Manager"
                                                                                                                                                                                                                                                                    5⤵
                                                                                                                                                                                                                                                                      PID:468
                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                                                      REG DELETE "HKLM\Software\Download Manager" /f
                                                                                                                                                                                                                                                                      5⤵
                                                                                                                                                                                                                                                                        PID:1124
                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                                                        reg query "HKLM\Software\Download Manager"
                                                                                                                                                                                                                                                                        5⤵
                                                                                                                                                                                                                                                                          PID:912
                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                                                          reg query "HKLM\Software\Download Manager"
  5⤵
  • System Location Discovery: System Language Discovery
  PID:628
• C:\Windows\SysWOW64\reg.exe
  REG DELETE "HKLM\Software\Wow6432Node\Download Manager" /f
  5⤵
  • System Location Discovery: System Language Discovery
  PID:952
• C:\Windows\SysWOW64\reg.exe
  reg query "HKLM\Software\Wow6432Node\Download Manager"
  5⤵
  PID:1168
• C:\Windows\SysWOW64\reg.exe
  reg query "HKLM\Software\Wow6432Node\Download Manager"
  5⤵
  PID:3016
• C:\Windows\SysWOW64\reg.exe
  REG DELETE "HKLM\Software\DownloadManager" /f
  5⤵
  PID:1800
• C:\Windows\SysWOW64\reg.exe
  reg query "HKLM\Software\DownloadManager"
  5⤵
  PID:1772
• C:\Windows\SysWOW64\reg.exe
  reg query "HKLM\Software\DownloadManager"
  5⤵
  PID:1816
• C:\Windows\SysWOW64\reg.exe
  REG DELETE "HKLM\Software\Wow6432Node\DownloadManager" /f
  5⤵
  • System Location Discovery: System Language Discovery
  PID:2292
• C:\Windows\SysWOW64\reg.exe
  reg query "HKLM\Software\Wow6432Node\DownloadManager"
  5⤵
  PID:1492
• C:\Windows\SysWOW64\reg.exe
  reg query "HKLM\Software\Wow6432Node\DownloadManager"
  5⤵
  PID:2512
• C:\Windows\SysWOW64\reg.exe
  REG DELETE "HKCU\Software\Download Manager" /f
  5⤵
  PID:1040
• C:\Windows\SysWOW64\reg.exe
  reg query "HKCU\Software\Download Manager"
  5⤵
  PID:1980
• C:\Windows\SysWOW64\reg.exe
  reg query "HKCU\Software\Download Manager"
  5⤵
  PID:2304
• C:\Windows\SysWOW64\reg.exe
  REG DELETE "HKCU\Software\Wow6432Node\Download Manager" /f
  5⤵
  PID:292
• C:\Windows\SysWOW64\reg.exe
  reg query "HKCU\Software\Wow6432Node\Download Manager"
  5⤵
  PID:2544
• C:\Windows\SysWOW64\reg.exe
  reg query "HKCU\Software\Wow6432Node\Download Manager"
  5⤵
  PID:2340
• C:\Windows\SysWOW64\reg.exe
  REG DELETE "HKCU\Software\Wow6432Node\DownloadManager" /f
  5⤵
  PID:1724
• C:\Windows\SysWOW64\reg.exe
  reg query "HKCU\Software\Wow6432Node\DownloadManager"
  5⤵
  PID:1368
• C:\Windows\SysWOW64\reg.exe
  reg query "HKCU\Software\Wow6432Node\DownloadManager"
  5⤵
  PID:1536
• C:\Windows\SysWOW64\reg.exe
  REG DELETE "HKU\.DEFAULT\Software\Download Manager" /f
  5⤵
  PID:2572
• C:\Windows\SysWOW64\reg.exe
  reg query "HKU\.DEFAULT\Software\Download Manager"
  5⤵
  PID:992
• C:\Windows\SysWOW64\reg.exe
  reg query "HKU\.DEFAULT\Software\Download Manager"
  5⤵
  • System Location Discovery: System Language Discovery
  PID:696
• C:\Windows\SysWOW64\reg.exe
  REG DELETE "HKU\.DEFAULT\Software\Wow6432Node\Download Manager" /f
  5⤵
  PID:3048
• C:\Windows\SysWOW64\reg.exe
  reg query "HKU\.DEFAULT\Software\Wow6432Node\Download Manager"
  5⤵
  PID:2372
• C:\Windows\SysWOW64\reg.exe
  reg query "HKU\.DEFAULT\Software\Wow6432Node\Download Manager"
  5⤵
  PID:1860
• C:\Windows\SysWOW64\reg.exe
  REG DELETE "HKU\.DEFAULT\Software\DownloadManager" /f
  5⤵
  PID:2120
• C:\Windows\SysWOW64\reg.exe
  reg query "HKU\.DEFAULT\Software\DownloadManager"
  5⤵
  PID:536
• C:\Windows\SysWOW64\reg.exe
  reg query "HKU\.DEFAULT\Software\DownloadManager"
  5⤵
  PID:1784
• C:\Windows\SysWOW64\reg.exe
  REG DELETE "HKU\.DEFAULT\Software\Wow6432Node\DownloadManager" /f
                                                                                                                                                                                                                                                                                                                          5⤵
                                                                                                                                                                                                                                                                                                                            PID:1344
                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                                                                                                            reg query "HKU\.DEFAULT\Software\Wow6432Node\DownloadManager"
                                                                                                                                                                                                                                                                                                                            5⤵
                                                                                                                                                                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                                            PID:268
                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                                                                                                            reg query "HKU\.DEFAULT\Software\Wow6432Node\DownloadManager"
                                                                                                                                                                                                                                                                                                                            5⤵
                                                                                                                                                                                                                                                                                                                              PID:1756
                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                                                                                                              REG DELETE "HKLM" /ve /f
                                                                                                                                                                                                                                                                                                                              5⤵
                                                                                                                                                                                                                                                                                                                                PID:868
                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                                                                                                                REG DELETE "HKLM" /v "MData" /f
                                                                                                                                                                                                                                                                                                                                5⤵
                                                                                                                                                                                                                                                                                                                                  PID:2052
                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                                                                                                                  REG DELETE "HKLM" /v "Model" /f
                                                                                                                                                                                                                                                                                                                                  5⤵
                                                                                                                                                                                                                                                                                                                                    PID:1676
                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                                                                                                                    REG DELETE "HKLM" /v "Therad" /f
                                                                                                                                                                                                                                                                                                                                    5⤵
                                                                                                                                                                                                                                                                                                                                      PID:3000
                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                                                                                                                      REG DELETE "HKCU" /ve /f
                                                                                                                                                                                                                                                                                                                                      5⤵
                                                                                                                                                                                                                                                                                                                                        PID:2264
                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                                                                                                                        REG DELETE "HKCU" /v "MData" /f
                                                                                                                                                                                                                                                                                                                                        5⤵
                                                                                                                                                                                                                                                                                                                                          PID:1708
                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                                                                                                                          REG DELETE "HKCU" /v "Model" /f
                                                                                                                                                                                                                                                                                                                                          5⤵
                                                                                                                                                                                                                                                                                                                                            PID:1584
                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                                                                                                                            REG DELETE "HKCU" /v "Therad" /f
                                                                                                                                                                                                                                                                                                                                            5⤵
                                                                                                                                                                                                                                                                                                                                              PID:1576
                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                                                                                                                              REG DELETE "HKCU\Software\DownloadManager" /v "FName" /f
                                                                                                                                                                                                                                                                                                                                              5⤵
                                                                                                                                                                                                                                                                                                                                                PID:1688
                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                                                                                                                                REG DELETE "HKCU\Software\DownloadManager" /v "LName" /f
                                                                                                                                                                                                                                                                                                                                                5⤵
                                                                                                                                                                                                                                                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                                                                PID:1940
                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                                                                                                                                REG DELETE "HKCU\Software\DownloadManager" /v "Email" /f
                                                                                                                                                                                                                                                                                                                                                5⤵
                                                                                                                                                                                                                                                                                                                                                  PID:2552
                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                                                                                                                                  REG DELETE "HKCU\Software\DownloadManager" /v "Serial" /f
                                                                                                                                                                                                                                                                                                                                                  5⤵
                                                                                                                                                                                                                                                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                                                                  PID:332
                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                                                                                                                                  REG DELETE "HKCU\Software\DownloadManager" /v "CheckUpdtVM" /f
                                                                                                                                                                                                                                                                                                                                                  5⤵
                                                                                                                                                                                                                                                                                                                                                    PID:2380
                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                                                                                                                                    REG DELETE "HKCU\Software\DownloadManager" /v "tvfrdt" /f
                                                                                                                                                                                                                                                                                                                                                    5⤵
                                                                                                                                                                                                                                                                                                                                                      PID:2528
                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                                                                                                                                      REG DELETE "HKCU\Software\DownloadManager" /v "LstCheck" /f
                                                                                                                                                                                                                                                                                                                                                      5⤵
                                                                                                                                                                                                                                                                                                                                                        PID:1628
                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\reg.exe
                                                                                                                                                                                                                                                                                                                                                        REG DELETE "HKCU\Software\DownloadManager" /v "scansk" /f
                                                                                                                                                                                                                                                                                                                                                        5⤵
                                                                                                                                                                                                                                                                                                                                                          PID:2064
                                                                                                                                                                                                                                                                                                                                                    • C:\Program Files (x86)\Internet Download Manager\Uninstall.exe
                                                                                                                                                                                                                                                                                                                                                      "C:\Program Files (x86)\Internet Download Manager\Uninstall.exe" -instdriv
  3⤵
  • Executes dropped EXE
  • Loads dropped DLL
  PID:2072
  • C:\Windows\system32\RUNDLL32.EXE
    "C:\Windows\Sysnative\RUNDLL32.EXE" SETUPAPI.DLL,InstallHinfSection DefaultInstall 128 C:\Program Files (x86)\Internet Download Manager\idmwfp.inf
    4⤵
    • Drops file in Drivers directory
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:792
    • C:\Windows\system32\runonce.exe
      "C:\Windows\system32\runonce.exe" -r
      5⤵
      • Checks processor information in registry
      PID:2588
      • C:\Windows\System32\grpconv.exe
        "C:\Windows\System32\grpconv.exe" -o
        6⤵
        PID:2472
  • C:\Windows\SysWOW64\net.exe
    "C:\Windows\System32\net.exe" start IDMWFP
    4⤵
    PID:2760
    • C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 start IDMWFP
      5⤵
      • System Location Discovery: System Language Discovery
      PID:484
  • C:\Windows\SysWOW64\net.exe
    "C:\Windows\System32\net.exe" start IDMWFP
    4⤵
    • System Location Discovery: System Language Discovery
    PID:1296
    • C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 start IDMWFP
      5⤵
      • System Location Discovery: System Language Discovery
      PID:900
  • C:\Windows\SysWOW64\net.exe
    "C:\Windows\System32\net.exe" start IDMWFP
    4⤵
    PID:2000
    • C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 start IDMWFP
      5⤵
      PID:2704
  • C:\Windows\SysWOW64\net.exe
    "C:\Windows\System32\net.exe" start IDMWFP
    4⤵
    PID:1404
    • C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 start IDMWFP
      5⤵
      PID:1164
  • C:\Windows\SysWOW64\net.exe
    "C:\Windows\System32\net.exe" start IDMWFP
    4⤵
    PID:1716
    • C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 start IDMWFP
      5⤵
      PID:2112
  • C:\Windows\SysWOW64\net.exe
    "C:\Windows\System32\net.exe" start IDMWFP
    4⤵
    PID:1596
    • C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 start IDMWFP
      5⤵
      PID:1548
  • C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"
    4⤵
    • Loads dropped DLL
    PID:1056
    • C:\Windows\system32\regsvr32.exe
      /s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"
      5⤵
      • Loads dropped DLL
      PID:2848
• C:\Program Files (x86)\Internet Download Manager\IDMan.exe
  "C:\Program Files (x86)\Internet Download Manager\IDMan.exe" /rtr
  3⤵
  • Executes dropped EXE
  • Loads dropped DLL
  • Adds Run key to start application
  • Installs/modifies Browser Helper Object
  • Modifies Internet Explorer settings
  • Modifies registry class
  • Suspicious behavior: EnumeratesProcesses
  • Suspicious use of AdjustPrivilegeToken
  • Suspicious use of FindShellTrayWindow
  • Suspicious use of SendNotifyMessage
  • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                                                                                                                          PID:1948
                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\regsvr32.exe
                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"
                                                                                                                                                                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                                                                                                                                                                            • Loads dropped DLL
                                                                                                                                                                                                                                                                                                                                                                            PID:1340
                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\system32\regsvr32.exe
                                                                                                                                                                                                                                                                                                                                                                              /s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"
                                                                                                                                                                                                                                                                                                                                                                              5⤵
                                                                                                                                                                                                                                                                                                                                                                              • Loads dropped DLL
                                                                                                                                                                                                                                                                                                                                                                              • Modifies registry class
                                                                                                                                                                                                                                                                                                                                                                              PID:1508
                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\regsvr32.exe
                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll"
                                                                                                                                                                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                                                                                                                                                                            • Loads dropped DLL
                                                                                                                                                                                                                                                                                                                                                                            PID:496
                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\system32\regsvr32.exe
                                                                                                                                                                                                                                                                                                                                                                              /s "C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll"
                                                                                                                                                                                                                                                                                                                                                                              5⤵
                                                                                                                                                                                                                                                                                                                                                                              • Loads dropped DLL
                                                                                                                                                                                                                                                                                                                                                                              • Modifies registry class
                                                                                                                                                                                                                                                                                                                                                                              PID:1864
                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\regsvr32.exe
                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll"
                                                                                                                                                                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                                                                                                                                                                            • Loads dropped DLL
                                                                                                                                                                                                                                                                                                                                                                            PID:1528
                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\system32\regsvr32.exe
                                                                                                                                                                                                                                                                                                                                                                              /s "C:\Program Files (x86)\Internet Download Manager\IDMGetAll64.dll"
                                                                                                                                                                                                                                                                                                                                                                              5⤵
                                                                                                                                                                                                                                                                                                                                                                              • Loads dropped DLL
                                                                                                                                                                                                                                                                                                                                                                              • Modifies registry class
                                                                                                                                                                                                                                                                                                                                                                              PID:2068
                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\regsvr32.exe
                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll"
                                                                                                                                                                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                                                                                                                                                                            • Loads dropped DLL
                                                                                                                                                                                                                                                                                                                                                                            PID:572
                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\system32\regsvr32.exe
                                                                                                                                                                                                                                                                                                                                                                              /s "C:\Program Files (x86)\Internet Download Manager\downlWithIDM64.dll"
                                                                                                                                                                                                                                                                                                                                                                              5⤵
                                                                                                                                                                                                                                                                                                                                                                              • Loads dropped DLL
                                                                                                                                                                                                                                                                                                                                                                              • Modifies registry class
                                                                                                                                                                                                                                                                                                                                                                              PID:1760
                                                                                                                                                                                                                                                                                                                                                                          • C:\Program Files (x86)\Internet Download Manager\Uninstall.exe
                                                                                                                                                                                                                                                                                                                                                                            "C:\Program Files (x86)\Internet Download Manager\Uninstall.exe" -instdriv
                                                                                                                                                                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                            • Loads dropped DLL
                                                                                                                                                                                                                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                                                                                            PID:2360
                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\system32\RUNDLL32.EXE
                                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\Sysnative\RUNDLL32.EXE" SETUPAPI.DLL,InstallHinfSection DefaultInstall 128 C:\Program Files (x86)\Internet Download Manager\idmwfp.inf
                                                                                                                                                                                                                                                                                                                                                                              5⤵
                                                                                                                                                                                                                                                                                                                                                                              • Drops file in Drivers directory
                                                                                                                                                                                                                                                                                                                                                                              • Loads dropped DLL
                                                                                                                                                                                                                                                                                                                                                                              • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                              • Drops file in Windows directory
                                                                                                                                                                                                                                                                                                                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                                                                                                                                                                                                                              PID:2064
                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\system32\runonce.exe
                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\system32\runonce.exe" -r
                                                                                                                                                                                                                                                                                                                                                                                6⤵
                                                                                                                                                                                                                                                                                                                                                                                • Checks processor information in registry
                                                                                                                                                                                                                                                                                                                                                                                PID:2364
                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\System32\grpconv.exe
                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\System32\grpconv.exe" -o
                                                                                                                                                                                                                                                                                                                                                                                  7⤵
                                                                                                                                                                                                                                                                                                                                                                                    PID:2080
                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\net.exe
                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\System32\net.exe" start IDMWFP
                                                                                                                                                                                                                                                                                                                                                                                5⤵
                                                                                                                                                                                                                                                                                                                                                                                  PID:2300
                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\net1.exe
                                                                                                                                                                                                                                                                                                                                                                                    C:\Windows\system32\net1 start IDMWFP
                                                                                                                                                                                                                                                                                                                                                                                    6⤵
                                                                                                                                                                                                                                                                                                                                                                                      PID:2780
                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\net.exe
                                                                                                                                                                                                                                                                                                                                                                                    "C:\Windows\System32\net.exe" start IDMWFP
                                                                                                                                                                                                                                                                                                                                                                                    5⤵
                                                                                                                                                                                                                                                                                                                                                                                      PID:1696
                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\net1.exe
                                                                                                                                                                                                                                                                                                                                                                                        C:\Windows\system32\net1 start IDMWFP
                                                                                                                                                                                                                                                                                                                                                                                        6⤵
                                                                                                                                                                                                                                                                                                                                                                                          PID:2828
                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\net.exe
                                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\System32\net.exe" start IDMWFP
                                                                                                                                                                                                                                                                                                                                                                                        5⤵
                                                                                                                                                                                                                                                                                                                                                                                          PID:1208
                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\net1.exe
                                                                                                                                                                                                                                                                                                                                                                                            C:\Windows\system32\net1 start IDMWFP
                                                                                                                                                                                                                                                                                                                                                                                            6⤵
                                                                                                                                                                                                                                                                                                                                                                                              PID:756
                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\net.exe
                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\System32\net.exe" start IDMWFP
                                                                                                                                                                                                                                                                                                                                                                                            5⤵
                                                                                                                                                                                                                                                                                                                                                                                              PID:1048
                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\net1.exe
                                                                                                                                                                                                                                                                                                                                                                                                C:\Windows\system32\net1 start IDMWFP
                                                                                                                                                                                                                                                                                                                                                                                                6⤵
                                                                                                                                                                                                                                                                                                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                                                                                                                PID:1976
                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\net.exe
                                                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\System32\net.exe" start IDMWFP
                                                                                                                                                                                                                                                                                                                                                                                              5⤵
                                                                                                                                                                                                                                                                                                                                                                                                PID:1792
                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\net1.exe
                                                                                                                                                                                                                                                                                                                                                                                                  C:\Windows\system32\net1 start IDMWFP
                                                                                                                                                                                                                                                                                                                                                                                                  6⤵
                                                                                                                                                                                                                                                                                                                                                                                                    PID:1028
                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\net.exe
                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\System32\net.exe" start IDMWFP
                                                                                                                                                                                                                                                                                                                                                                                                  5⤵
                                                                                                                                                                                                                                                                                                                                                                                                    PID:2436
                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\net1.exe
                                                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\system32\net1 start IDMWFP
                                                                                                                                                                                                                                                                                                                                                                                                      6⤵
                                                                                                                                                                                                                                                                                                                                                                                                        PID:2156
                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\regsvr32.exe
                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"
                                                                                                                                                                                                                                                                                                                                                                                                      5⤵
                                                                                                                                                                                                                                                                                                                                                                                                      • Loads dropped DLL
                                                                                                                                                                                                                                                                                                                                                                                                      PID:2112
                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\system32\regsvr32.exe
                                                                                                                                                                                                                                                                                                                                                                                                        /s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"
                                                                                                                                                                                                                                                                                                                                                                                                        6⤵
                                                                                                                                                                                                                                                                                                                                                                                                        • Loads dropped DLL
                                                                                                                                                                                                                                                                                                                                                                                                        PID:2520
                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Program Files (x86)\Internet Download Manager\MediumILStart.exe
                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Program Files (x86)\Internet Download Manager\MediumILStart.exe"
                                                                                                                                                                                                                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                                                                                                                                                                                                                    • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                                    PID:2796
                                                                                                                                                                                                                                                                                                                                                                                            • C:\Program Files (x86)\Internet Download Manager\IDMan.exe
                                                                                                                                                                                                                                                                                                                                                                                              "C:\Program Files (x86)\Internet Download Manager\IDMan.exe" -Embedding
                                                                                                                                                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                                                                                                                                              • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                              • Loads dropped DLL
                                                                                                                                                                                                                                                                                                                                                                                              • Modifies Internet Explorer settings
                                                                                                                                                                                                                                                                                                                                                                                              • Modifies registry class
                                                                                                                                                                                                                                                                                                                                                                                              • Suspicious use of FindShellTrayWindow
                                                                                                                                                                                                                                                                                                                                                                                              • Suspicious use of SendNotifyMessage
                                                                                                                                                                                                                                                                                                                                                                                              • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                                                                                                                                                                                              PID:2044
                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\regsvr32.exe
                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"
                                                                                                                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                                                                                                                • Loads dropped DLL
                                                                                                                                                                                                                                                                                                                                                                                                PID:2940
    • C:\Windows\system32\regsvr32.exe
      /s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"
      3⤵
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      PID:2204
  • C:\Program Files (x86)\Internet Download Manager\Uninstall.exe
    "C:\Program Files (x86)\Internet Download Manager\Uninstall.exe" -instdriv
    2⤵
    • Executes dropped EXE
    • System Location Discovery: System Language Discovery
    PID:2584
    • C:\Windows\system32\RUNDLL32.EXE
      "C:\Windows\Sysnative\RUNDLL32.EXE" SETUPAPI.DLL,InstallHinfSection DefaultInstall 128 C:\Program Files (x86)\Internet Download Manager\idmwfp.inf
      3⤵
      • Drops file in Drivers directory
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:1592
      • C:\Windows\system32\runonce.exe
        "C:\Windows\system32\runonce.exe" -r
        4⤵
        • Checks processor information in registry
        PID:1428
        • C:\Windows\System32\grpconv.exe
          "C:\Windows\System32\grpconv.exe" -o
          5⤵
          PID:1864
    • C:\Windows\SysWOW64\net.exe
      "C:\Windows\System32\net.exe" start IDMWFP
      3⤵
      PID:872
      • C:\Windows\SysWOW64\net1.exe
        C:\Windows\system32\net1 start IDMWFP
        4⤵
        PID:2008
    • C:\Windows\SysWOW64\net.exe
      "C:\Windows\System32\net.exe" start IDMWFP
      3⤵
      PID:912
      • C:\Windows\SysWOW64\net1.exe
        C:\Windows\system32\net1 start IDMWFP
        4⤵
        PID:1168
    • C:\Windows\SysWOW64\net.exe
      "C:\Windows\System32\net.exe" start IDMWFP
      3⤵
      PID:1952
      • C:\Windows\SysWOW64\net1.exe
        C:\Windows\system32\net1 start IDMWFP
        4⤵
        • System Location Discovery: System Language Discovery
        PID:2960
    • C:\Windows\SysWOW64\net.exe
      "C:\Windows\System32\net.exe" start IDMWFP
      3⤵
      PID:1816
      • C:\Windows\SysWOW64\net1.exe
        C:\Windows\system32\net1 start IDMWFP
        4⤵
        PID:1444
    • C:\Windows\SysWOW64\net.exe
      "C:\Windows\System32\net.exe" start IDMWFP
      3⤵
      • System Location Discovery: System Language Discovery
      PID:2304
      • C:\Windows\SysWOW64\net1.exe
        C:\Windows\system32\net1 start IDMWFP
        4⤵
        PID:2980
    • C:\Windows\SysWOW64\net.exe
      "C:\Windows\System32\net.exe" start IDMWFP
      3⤵
      PID:2716
      • C:\Windows\SysWOW64\net1.exe
        C:\Windows\system32\net1 start IDMWFP
        4⤵
        PID:2108
    • C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"
      3⤵
      PID:580
      • C:\Windows\system32\regsvr32.exe
        /s "C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll"
        4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2632

Network

  • flag-us
    DNS
    utcsvc.linkpc.net
    WScript.exe
    Remote address:
    8.8.8.8:53
    Request
    utcsvc.linkpc.net
    IN A
    Response
    utcsvc.linkpc.net
    IN A
    195.201.238.116
  • flag-us
    DNS
    sub2.bubblesmedia.ru
    setup.exe
    Remote address:
    8.8.8.8:53
    Request
    sub2.bubblesmedia.ru
    IN A
    Response
    sub2.bubblesmedia.ru
    IN A
    104.21.43.97
    sub2.bubblesmedia.ru
    IN A
    172.67.177.155
  • flag-us
    GET
    http://sub2.bubblesmedia.ru/tPJuh0I4KXdj4VLD8bfrj3yuN4sM930ftbOgSPQ3/s/6124/h/c59407/o/790/sub/0?a=1
    setup.exe
    Remote address:
    104.21.43.97:80
    Request
    GET /tPJuh0I4KXdj4VLD8bfrj3yuN4sM930ftbOgSPQ3/s/6124/h/c59407/o/790/sub/0?a=1 HTTP/1.1
    User-Agent: NSIS_Inetc (Mozilla)
    Host: sub2.bubblesmedia.ru
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Tue, 03 Dec 2024 13:39:30 GMT
    Content-Type: text/html
    Content-Length: 167
    Connection: keep-alive
    Cache-Control: max-age=3600
    Expires: Tue, 03 Dec 2024 14:39:30 GMT
    Location: https://sub2.bubblesmedia.ru/tPJuh0I4KXdj4VLD8bfrj3yuN4sM930ftbOgSPQ3/s/6124/h/c59407/o/790/sub/0?a=1
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wPUb5m6YJl6m7SSLFmMrUT3b9hs1FB4aH7mysMVH37XV2CYSStKQI8L8zFQCAXJYc0BgOwSu3TtkuRbsdwPSodEDcYtalCivKfV16swsL57MPoeR4pXikW0IB0A3o30eZVsIUdNc0g%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8ec3f6921d08e911-LHR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=36193&min_rtt=36193&rtt_var=18096&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=201&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
  • flag-us
    GET
    https://sub2.bubblesmedia.ru/tPJuh0I4KXdj4VLD8bfrj3yuN4sM930ftbOgSPQ3/s/6124/h/c59407/o/790/sub/0?a=1
    setup.exe
    Remote address:
    104.21.43.97:443
    Request
    GET /tPJuh0I4KXdj4VLD8bfrj3yuN4sM930ftbOgSPQ3/s/6124/h/c59407/o/790/sub/0?a=1 HTTP/1.1
    User-Agent: NSIS_Inetc (Mozilla)
    Host: sub2.bubblesmedia.ru
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 200 OK
    Date: Tue, 03 Dec 2024 13:39:31 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                      last-modified: Wed, 11 Sep 2024 10:54:53 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                      accept-ranges: bytes
                                                                                                                                                                                                                                                                                                                                                                                                                      CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                                                                                                                                                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tZpwQuuf80YXzZSpWv7Z8VNAsd4ooCvuKm%2FR8oP2jGbVesa1JdI4MvmQnTE%2FX2yPLgk9PVoaV8rm9Wg9r27EIjFBojO6cgbZW8CZc4u4rkbLib%2BUyoIpm1oCBh0FFm5HiSeFrS6PoQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                                                                                                                                                                                      Server: cloudflare
                                                                                                                                                                                                                                                                                                                                                                                                                      CF-RAY: 8ec3f6964add949d-LHR
                                                                                                                                                                                                                                                                                                                                                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                                                                                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=47259&min_rtt=29041&rtt_var=20941&sent=7&recv=7&lost=0&retrans=1&sent_bytes=3198&recv_bytes=527&delivery_rate=104545&cwnd=254&unsent_bytes=0&cid=8abb3b2325415b37&ts=676&x=0"
  • flag-us
    DNS c.pki.goog
    setup.exe
    Remote address: 8.8.8.8:53
    Request
      c.pki.goog IN A
    Response
      c.pki.goog IN CNAME pki-goog.l.google.com
      pki-goog.l.google.com IN A 142.250.200.3
  • flag-gb
    GET http://c.pki.goog/r/gsr1.crl
    setup.exe
    Remote address: 142.250.200.3:80
    Request
      GET /r/gsr1.crl HTTP/1.1
      Connection: Keep-Alive
      Accept: */*
      User-Agent: Microsoft-CryptoAPI/6.1
      Host: c.pki.goog
    Response
      HTTP/1.1 200 OK
      Accept-Ranges: bytes
      Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
      Cross-Origin-Resource-Policy: cross-origin
      Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
      Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
      Content-Length: 1739
      X-Content-Type-Options: nosniff
      Server: sffe
      X-XSS-Protection: 0
      Date: Tue, 03 Dec 2024 13:26:07 GMT
      Expires: Tue, 03 Dec 2024 14:16:07 GMT
      Cache-Control: public, max-age=3000
      Age: 803
      Last-Modified: Mon, 07 Oct 2024 07:18:00 GMT
      Content-Type: application/pkix-crl
      Vary: Accept-Encoding
  • flag-gb
    GET http://c.pki.goog/r/r4.crl
    setup.exe
    Remote address: 142.250.200.3:80
    Request
      GET /r/r4.crl HTTP/1.1
      Connection: Keep-Alive
      Accept: */*
      User-Agent: Microsoft-CryptoAPI/6.1
      Host: c.pki.goog
    Response
      HTTP/1.1 200 OK
      Accept-Ranges: bytes
      Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
                                                                                                                                                                                                                                                                                                                                                                                                                      Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
                                                                                                                                                                                                                                                                                                                                                                                                                      Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 436
                                                                                                                                                                                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                                                                                                                                                      Server: sffe
                                                                                                                                                                                                                                                                                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 03 Dec 2024 13:26:01 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                      Expires: Tue, 03 Dec 2024 14:16:01 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public, max-age=3000
                                                                                                                                                                                                                                                                                                                                                                                                                      Age: 809
                                                                                                                                                                                                                                                                                                                                                                                                                      Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: application/pkix-crl
                                                                                                                                                                                                                                                                                                                                                                                                                      Vary: Accept-Encoding
  • flag-us
    DNS
    browserdownload.ru
    setup.exe
    Remote address:
    8.8.8.8:53
    Request
    browserdownload.ru
    IN A
    Response
    browserdownload.ru
    IN A
    194.58.112.174
  • flag-ru
    GET
    http://browserdownload.ru/land_2/r/aHR0cHM6Ly9kb3dubG9hZC5jZG4ueWFuZGV4Lm5ldC95YW5kZXgtdGFnL3dlYm9mZmVyL1lhbmRleFBhY2tMb2FkZXIuZXhlP3BhcnRuZXI9ODk4MSZ5YXFzZWFyY2g9eSZ5YWhvbWVwYWdlPXkmeWFicm93c2VyPXkmdmlkPTMyNiZoYXNoPTRkNjFhNDAwYTdjOTc3ZWI4NTQwNzFmOGY4NGVkZjZmJi5leGU=?ref_id=repack.me&prt=8981
    setup.exe
    Remote address:
    194.58.112.174:80
    Request
    GET /land_2/r/aHR0cHM6Ly9kb3dubG9hZC5jZG4ueWFuZGV4Lm5ldC95YW5kZXgtdGFnL3dlYm9mZmVyL1lhbmRleFBhY2tMb2FkZXIuZXhlP3BhcnRuZXI9ODk4MSZ5YXFzZWFyY2g9eSZ5YWhvbWVwYWdlPXkmeWFicm93c2VyPXkmdmlkPTMyNiZoYXNoPTRkNjFhNDAwYTdjOTc3ZWI4NTQwNzFmOGY4NGVkZjZmJi5leGU=?ref_id=repack.me&prt=8981 HTTP/1.1
    User-Agent: NSIS_Inetc (Mozilla)
    Host: browserdownload.ru
    Connection: Keep-Alive
    Cache-Control: no-cache
    Response
    HTTP/1.1 404 Not Found
    Server: nginx
    Date: Tue, 03 Dec 2024 13:39:31 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: keep-alive
  • flag-us
    DNS
    crl.microsoft.com
    Remote address:
    8.8.8.8:53
    Request
    crl.microsoft.com
    IN A
    Response
    crl.microsoft.com
    IN CNAME
    crl.www.ms.akadns.net
    crl.www.ms.akadns.net
    IN CNAME
    a1363.dscg.akamai.net
    a1363.dscg.akamai.net
    IN A
    88.221.134.146
    a1363.dscg.akamai.net
    IN A
    88.221.134.83
  • flag-gb
    GET
    http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
    Remote address:
    88.221.134.146:80
    Request
    GET /pki/crl/products/MicRooCerAut2011_2011_03_22.crl HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                      If-Modified-Since: Thu, 11 Jul 2024 01:45:51 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Microsoft-CryptoAPI/6.1
                                                                                                                                                                                                                                                                                                                                                                                                                      Host: crl.microsoft.com
                                                                                                                                                                                                                                                                                                                                                                                                                      Response
                                                                                                                                                                                                                                                                                                                                                                                                                      HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 1036
                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                                                                                                                                                      Content-MD5: 8M9bF5Tsp81z+cAg2quO8g==
                                                                                                                                                                                                                                                                                                                                                                                                                      Last-Modified: Thu, 26 Sep 2024 02:21:11 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                      ETag: 0x8DCDDD1E3AF2C76
                                                                                                                                                                                                                                                                                                                                                                                                                      Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
                                                                                                                                                                                                                                                                                                                                                                                                                      x-ms-request-id: 8b44f4f2-401e-0014-5ac7-0f1f85000000
                                                                                                                                                                                                                                                                                                                                                                                                                      x-ms-version: 2009-09-19
                                                                                                                                                                                                                                                                                                                                                                                                                      x-ms-lease-status: unlocked
                                                                                                                                                                                                                                                                                                                                                                                                                      x-ms-blob-type: BlockBlob
                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 03 Dec 2024 13:40:01 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                    • flag-us
                                                                                                                                                                                                                                                                                                                                                                                                                      DNS
                                                                                                                                                                                                                                                                                                                                                                                                                      www.microsoft.com
                                                                                                                                                                                                                                                                                                                                                                                                                      Remote address:
                                                                                                                                                                                                                                                                                                                                                                                                                      8.8.8.8:53
                                                                                                                                                                                                                                                                                                                                                                                                                      Request
                                                                                                                                                                                                                                                                                                                                                                                                                      www.microsoft.com
                                                                                                                                                                                                                                                                                                                                                                                                                      IN A
                                                                                                                                                                                                                                                                                                                                                                                                                      Response
                                                                                                                                                                                                                                                                                                                                                                                                                      www.microsoft.com
                                                                                                                                                                                                                                                                                                                                                                                                                      IN CNAME
                                                                                                                                                                                                                                                                                                                                                                                                                      www.microsoft.com-c-3.edgekey.net
                                                                                                                                                                                                                                                                                                                                                                                                                      www.microsoft.com-c-3.edgekey.net
                                                                                                                                                                                                                                                                                                                                                                                                                      IN CNAME
                                                                                                                                                                                                                                                                                                                                                                                                                      www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
                                                                                                                                                                                                                                                                                                                                                                                                                      www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
                                                                                                                                                                                                                                                                                                                                                                                                                      IN CNAME
                                                                                                                                                                                                                                                                                                                                                                                                                      e13678.dscb.akamaiedge.net
                                                                                                                                                                                                                                                                                                                                                                                                                      e13678.dscb.akamaiedge.net
                                                                                                                                                                                                                                                                                                                                                                                                                      IN A
                                                                                                                                                                                                                                                                                                                                                                                                                      95.100.245.144
                                                                                                                                                                                                                                                                                                                                                                                                                    • flag-gb
                                                                                                                                                                                                                                                                                                                                                                                                                      GET
                                                                                                                                                                                                                                                                                                                                                                                                                      http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl
                                                                                                                                                                                                                                                                                                                                                                                                                      Remote address:
                                                                                                                                                                                                                                                                                                                                                                                                                      95.100.245.144:80
                                                                                                                                                                                                                                                                                                                                                                                                                      Request
                                                                                                                                                                                                                                                                                                                                                                                                                      GET /pkiops/crl/MicCodSigPCA2011_2011-07-08.crl HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                                                                      If-Modified-Since: Sun, 18 Aug 2024 00:23:49 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Microsoft-CryptoAPI/6.1
                                                                                                                                                                                                                                                                                                                                                                                                                      Host: www.microsoft.com
                                                                                                                                                                                                                                                                                                                                                                                                                      Response
                                                                                                                                                                                                                                                                                                                                                                                                                      HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 1078
                                                                                                                                                                                                                                                                                                                                                                                                                      Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                                                                                                                                                      Content-MD5: PjrtHAukbJio72s77Ag5mA==
                                                                                                                                                                                                                                                                                                                                                                                                                      Last-Modified: Thu, 31 Oct 2024 23:26:09 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                      ETag: 0x8DCFA0366D6C4CA
                                                                                                                                                                                                                                                                                                                                                                                                                      x-ms-request-id: f61d54b8-f01e-003e-04ee-2bc095000000
                                                                                                                                                                                                                                                                                                                                                                                                                      x-ms-version: 2009-09-19
                                                                                                                                                                                                                                                                                                                                                                                                                      x-ms-lease-status: unlocked
                                                                                                                                                                                                                                                                                                                                                                                                                      x-ms-blob-type: BlockBlob
                                                                                                                                                                                                                                                                                                                                                                                                                      X-EdgeConnect-Origin-MEX-Latency: 223
                                                                                                                                                                                                                                                                                                                                                                                                                      Date: Tue, 03 Dec 2024 13:40:01 GMT
                                                                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                                                                      TLS_version: UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                                                      ms-cv: CASMicrosoftCV540bdfd7.0
                                                                                                                                                                                                                                                                                                                                                                                                                      ms-cv-esi: CASMicrosoftCV540bdfd7.0
                                                                                                                                                                                                                                                                                                                                                                                                                      X-RTag: RT
                                                                                                                                                                                                                                                                                                                                                                                                                    • 195.201.238.116:8082
                                                                                                                                                                                                                                                                                                                                                                                                                      utcsvc.linkpc.net
                                                                                                                                                                                                                                                                                                                                                                                                                      WScript.exe
                                                                                                                                                                                                                                                                                                                                                                                                                      152 B
                                                                                                                                                                                                                                                                                                                                                                                                                      3
                                                                                                                                                                                                                                                                                                                                                                                                                    • 195.201.238.116:8082
                                                                                                                                                                                                                                                                                                                                                                                                                      utcsvc.linkpc.net
                                                                                                                                                                                                                                                                                                                                                                                                                      WScript.exe
                                                                                                                                                                                                                                                                                                                                                                                                                      152 B
                                                                                                                                                                                                                                                                                                                                                                                                                      3
                                                                                                                                                                                                                                                                                                                                                                                                                    • 104.21.43.97:80
                                                                                                                                                                                                                                                                                                                                                                                                                      http://sub2.bubblesmedia.ru/tPJuh0I4KXdj4VLD8bfrj3yuN4sM930ftbOgSPQ3/s/6124/h/c59407/o/790/sub/0?a=1
                                                                                                                                                                                                                                                                                                                                                                                                                      http
                                                                                                                                                                                                                                                                                                                                                                                                                      setup.exe
                                                                                                                                                                                                                                                                                                                                                                                                                      431 B
                                                                                                                                                                                                                                                                                                                                                                                                                      1.2kB
                                                                                                                                                                                                                                                                                                                                                                                                                      5
                                                                                                                                                                                                                                                                                                                                                                                                                      3

                                                                                                                                                                                                                                                                                                                                                                                                                      HTTP Request

                                                                                                                                                                                                                                                                                                                                                                                                                      GET http://sub2.bubblesmedia.ru/tPJuh0I4KXdj4VLD8bfrj3yuN4sM930ftbOgSPQ3/s/6124/h/c59407/o/790/sub/0?a=1

                                                                                                                                                                                                                                                                                                                                                                                                                      HTTP Response

                                                                                                                                                                                                                                                                                                                                                                                                                      301
                                                                                                                                                                                                                                                                                                                                                                                                                    • 104.21.43.97:443
                                                                                                                                                                                                                                                                                                                                                                                                                      https://sub2.bubblesmedia.ru/tPJuh0I4KXdj4VLD8bfrj3yuN4sM930ftbOgSPQ3/s/6124/h/c59407/o/790/sub/0?a=1
                                                                                                                                                                                                                                                                                                                                                                                                                      tls, http
                                                                                                                                                                                                                                                                                                                                                                                                                      setup.exe
                                                                                                                                                                                                                                                                                                                                                                                                                      1.3kB
                                                                                                                                                                                                                                                                                                                                                                                                                      17.0kB
                                                                                                                                                                                                                                                                                                                                                                                                                      16
                                                                                                                                                                                                                                                                                                                                                                                                                      22

                                                                                                                                                                                                                                                                                                                                                                                                                      HTTP Request

                                                                                                                                                                                                                                                                                                                                                                                                                      GET https://sub2.bubblesmedia.ru/tPJuh0I4KXdj4VLD8bfrj3yuN4sM930ftbOgSPQ3/s/6124/h/c59407/o/790/sub/0?a=1

                                                                                                                                                                                                                                                                                                                                                                                                                      HTTP Response

                                                                                                                                                                                                                                                                                                                                                                                                                      200
                                                                                                                                                                                                                                                                                                                                                                                                                    • 142.250.200.3:80
                                                                                                                                                                                                                                                                                                                                                                                                                      http://c.pki.goog/r/r4.crl
                                                                                                                                                                                                                                                                                                                                                                                                                      http
                                                                                                                                                                                                                                                                                                                                                                                                                      setup.exe
                                                                                                                                                                                                                                                                                                                                                                                                                      554 B
                                                                                                                                                                                                                                                                                                                                                                                                                      3.8kB
                                                                                                                                                                                                                                                                                                                                                                                                                      7
                                                                                                                                                                                                                                                                                                                                                                                                                      5

                                                                                                                                                                                                                                                                                                                                                                                                                      HTTP Request

                                                                                                                                                                                                                                                                                                                                                                                                                      GET http://c.pki.goog/r/gsr1.crl

                                                                                                                                                                                                                                                                                                                                                                                                                      HTTP Response

                                                                                                                                                                                                                                                                                                                                                                                                                      200

                                                                                                                                                                                                                                                                                                                                                                                                                      HTTP Request

                                                                                                                                                                                                                                                                                                                                                                                                                      GET http://c.pki.goog/r/r4.crl

                                                                                                                                                                                                                                                                                                                                                                                                                      HTTP Response

                                                                                                                                                                                                                                                                                                                                                                                                                      200
                                                                                                                                                                                                                                                                                                                                                                                                                    • 194.58.112.174:80
                                                                                                                                                                                                                                                                                                                                                                                                                      http://browserdownload.ru/land_2/r/aHR0cHM6Ly9kb3dubG9hZC5jZG4ueWFuZGV4Lm5ldC95YW5kZXgtdGFnL3dlYm9mZmVyL1lhbmRleFBhY2tMb2FkZXIuZXhlP3BhcnRuZXI9ODk4MSZ5YXFzZWFyY2g9eSZ5YWhvbWVwYWdlPXkmeWFicm93c2VyPXkmdmlkPTMyNiZoYXNoPTRkNjFhNDAwYTdjOTc3ZWI4NTQwNzFmOGY4NGVkZjZmJi5leGU=?ref_id=repack.me&prt=8981
                                                                                                                                                                                                                                                                                                                                                                                                                      http
                                                                                                                                                                                                                                                                                                                                                                                                                      setup.exe
                                                                                                                                                                                                                                                                                                                                                                                                                      946 B
                                                                                                                                                                                                                                                                                                                                                                                                                      10.4kB
                                                                                                                                                                                                                                                                                                                                                                                                                      12
                                                                                                                                                                                                                                                                                                                                                                                                                      10

                                                                                                                                                                                                                                                                                                                                                                                                                      HTTP Request

                                                                                                                                                                                                                                                                                                                                                                                                                      GET http://browserdownload.ru/land_2/r/aHR0cHM6Ly9kb3dubG9hZC5jZG4ueWFuZGV4Lm5ldC95YW5kZXgtdGFnL3dlYm9mZmVyL1lhbmRleFBhY2tMb2FkZXIuZXhlP3BhcnRuZXI9ODk4MSZ5YXFzZWFyY2g9eSZ5YWhvbWVwYWdlPXkmeWFicm93c2VyPXkmdmlkPTMyNiZoYXNoPTRkNjFhNDAwYTdjOTc3ZWI4NTQwNzFmOGY4NGVkZjZmJi5leGU=?ref_id=repack.me&prt=8981

                                                                                                                                                                                                                                                                                                                                                                                                                      HTTP Response

                                                                                                                                                                                                                                                                                                                                                                                                                      404
                                                                                                                                                                                                                                                                                                                                                                                                                    • 195.201.238.116:8082
                                                                                                                                                                                                                                                                                                                                                                                                                      utcsvc.linkpc.net
                                                                                                                                                                                                                                                                                                                                                                                                                      WScript.exe
                                                                                                                                                                                                                                                                                                                                                                                                                      152 B
                                                                                                                                                                                                                                                                                                                                                                                                                      3
                                                                                                                                                                                                                                                                                                                                                                                                                    • 88.221.134.146:80
                                                                                                                                                                                                                                                                                                                                                                                                                      http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
    http
    399 B
    1.7kB
    4
    4

    HTTP Request

    GET http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl

    HTTP Response

    200
  • 95.100.245.144:80
    http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl
    http
    393 B
    1.8kB
    4
    4

    HTTP Request

    GET http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl

    HTTP Response

    200
  • 195.201.238.116:8082
    utcsvc.linkpc.net
    WScript.exe
    152 B
    3
  • 195.201.238.116:8082
    utcsvc.linkpc.net
    WScript.exe
    52 B
    1
  • 8.8.8.8:53
    utcsvc.linkpc.net
    dns
    WScript.exe
    63 B
    79 B
    1
    1

    DNS Request

    utcsvc.linkpc.net

    DNS Response

    195.201.238.116

  • 8.8.8.8:53
    sub2.bubblesmedia.ru
    dns
    setup.exe
    66 B
    98 B
    1
    1

    DNS Request

    sub2.bubblesmedia.ru

    DNS Response

    104.21.43.97
    172.67.177.155

  • 8.8.8.8:53
    c.pki.goog
    dns
    setup.exe
    56 B
    107 B
    1
    1

    DNS Request

    c.pki.goog

    DNS Response

    142.250.200.3

  • 8.8.8.8:53
    browserdownload.ru
    dns
    setup.exe
    64 B
    80 B
    1
    1

    DNS Request

    browserdownload.ru

    DNS Response

    194.58.112.174

  • 8.8.8.8:53
    crl.microsoft.com
    dns
    63 B
    162 B
    1
    1

    DNS Request

                                                                                                                                                                                                                                                                                                                                                                                                                      crl.microsoft.com

                                                                                                                                                                                                                                                                                                                                                                                                                      DNS Response

                                                                                                                                                                                                                                                                                                                                                                                                                      88.221.134.146
                                                                                                                                                                                                                                                                                                                                                                                                                      88.221.134.83

                                                                                                                                                                                                                                                                                                                                                                                                                    • 8.8.8.8:53
                                                                                                                                                                                                                                                                                                                                                                                                                      www.microsoft.com
                                                                                                                                                                                                                                                                                                                                                                                                                      dns
                                                                                                                                                                                                                                                                                                                                                                                                                      63 B
                                                                                                                                                                                                                                                                                                                                                                                                                      230 B
                                                                                                                                                                                                                                                                                                                                                                                                                      1
                                                                                                                                                                                                                                                                                                                                                                                                                      1

                                                                                                                                                                                                                                                                                                                                                                                                                      DNS Request

                                                                                                                                                                                                                                                                                                                                                                                                                      www.microsoft.com

                                                                                                                                                                                                                                                                                                                                                                                                                      DNS Response

                                                                                                                                                                                                                                                                                                                                                                                                                      95.100.245.144

                                                                                                                                                                                                                                                                                                                                                                                                                    MITRE ATT&CK Enterprise v15

                                                                                                                                                                                                                                                                                                                                                                                                                    Downloads

                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\PROGRA~2\INTERN~2\idmwfp64.sys

                                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                      223KB

                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Program Files (x86)\Internet Download Manager\IDManTypeInfo.tlb

                                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                      2KB

                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Program Files (x86)\Internet Download Manager\Languages\idm_am.lng

                                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                      179KB

                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Program Files (x86)\Internet Download Manager\Languages\idm_ar.lng

                                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                      95KB

                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Program Files (x86)\Internet Download Manager\Languages\idm_chn2.lng

                                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                      76KB

  • C:\Program Files (x86)\Internet Download Manager\Languages\idm_cht.lng

    Filesize

    75KB

  • C:\Program Files (x86)\Internet Download Manager\Languages\idm_cz.lng

    Filesize

    96KB

  • C:\Program Files (x86)\Internet Download Manager\Languages\idm_de.lng

    Filesize

    115KB

  • C:\Program Files (x86)\Internet Download Manager\Languages\idm_es.lng

    Filesize

    116KB

  • C:\Program Files (x86)\Internet Download Manager\Languages\idm_fa.lng

    Filesize

    108KB

  • C:\Program Files (x86)\Internet Download Manager\Languages\idm_fr.lng

    Filesize

    127KB

  • C:\Program Files (x86)\Internet Download Manager\Languages\idm_ge.lng

    Filesize

    255KB

  • C:\Program Files (x86)\Internet Download Manager\Languages\idm_gr.lng

    Filesize

    107KB

  • C:\Program Files (x86)\Internet Download Manager\Languages\idm_hu.lng

    Filesize

    98KB

  • C:\Program Files (x86)\Internet Download Manager\Languages\idm_id.lng

    Filesize

    93KB

  • C:\Program Files (x86)\Internet Download Manager\Languages\idm_it.lng

    Filesize

    122KB

  • C:\Program Files (x86)\Internet Download Manager\Languages\idm_iw.lng

    Filesize

    83KB

  • C:\Program Files (x86)\Internet Download Manager\Languages\idm_jp.lng

    Filesize

    76KB

  • C:\Program Files (x86)\Internet Download Manager\Languages\idm_kr.lng

    Filesize

    85KB


  • C:\Program Files (x86)\Internet Download Manager\Languages\idm_nl.lng

    Filesize

    87KB


  • C:\Program Files (x86)\Internet Download Manager\Languages\idm_pl.lng

    Filesize

    118KB


  • C:\Program Files (x86)\Internet Download Manager\Languages\idm_ptbr.lng

    Filesize

    115KB


  • C:\Program Files (x86)\Internet Download Manager\Languages\idm_ru.lng

    Filesize

    106KB


  • C:\Program Files (x86)\Internet Download Manager\Languages\idm_sk.lng

    Filesize

    115KB


  • C:\Program Files (x86)\Internet Download Manager\Languages\idm_th.lng

    Filesize

    97KB

                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Program Files (x86)\Internet Download Manager\Languages\idm_tr.lng

                                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                      112KB

                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Program Files (x86)\Internet Download Manager\Languages\idm_ua.lng

                                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                      94KB

                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Program Files (x86)\Internet Download Manager\Languages\idm_vn.lng

                                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                      107KB

                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Program Files (x86)\Internet Download Manager\Toolbar\PureFlat.tbi

                                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                      171B

                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Program Files (x86)\Internet Download Manager\idmcchandler2.dll

                                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                      326KB

                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Program Files (x86)\Internet Download Manager\idmcchandler2_64.dll

                                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                      451KB

  • C:\Program Files (x86)\Internet Download Manager\idmwfp.inf

    Filesize

    2KB


  • C:\Users\Admin\AppData\Local\Temp\info.js

    Filesize

    36KB


  • C:\Users\Admin\AppData\Local\Temp\nsjD3D5.tmp\Cleanup.cmd

    Filesize

    10KB


  • C:\Users\Admin\AppData\Local\Temp\nsjD3D5.tmp\repackme.gif

    Filesize

    6KB


  • \Program Files (x86)\Internet Download Manager\IDMGetAll.dll

    Filesize

    73KB


  • \Program Files (x86)\Internet Download Manager\IDMShellExt64.dll

    Filesize

    36KB


  • \Program Files (x86)\Internet Download Manager\IDMan.exe

    Filesize

    5.4MB


  • \Program Files (x86)\Internet Download Manager\Uninstall-ME.exe

    Filesize

    108KB


  • \Program Files (x86)\Internet Download Manager\Uninstall.exe

    Filesize

    161KB


  • \Program Files (x86)\Internet Download Manager\idmvs.dll

    Filesize

    37KB


  • \Users\Admin\AppData\Local\Temp\nsjD3D5.tmp\Aero.dll

    Filesize

    6KB


  • \Users\Admin\AppData\Local\Temp\nsjD3D5.tmp\LangDLL.dll

    Filesize

    5KB


  • \Users\Admin\AppData\Local\Temp\nsjD3D5.tmp\System.dll

    Filesize

    12KB


  • \Users\Admin\AppData\Local\Temp\nsjD3D5.tmp\inetc.dll

    Filesize

    24KB

  • \Users\Admin\AppData\Local\Temp\nsjD3D5.tmp\newadvsplash.dll

    Filesize

    8KB

  • \Users\Admin\AppData\Local\Temp\nsjD3D5.tmp\nsDialogs.dll

    Filesize

    9KB

  • \Users\Admin\AppData\Local\Temp\nsjD3D5.tmp\nsExec.dll

    Filesize

    7KB

  • \Users\Admin\AppData\Local\Temp\setup.exe

    Filesize

    8.5MB


                                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                      212KB

                                                                                                                                                                                                                                                                                                                                                                                                                    • memory/2072-432-0x00000000003F0000-0x0000000000400000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                      64KB

                                                                                                                                                                                                                                                                                                                                                                                                                    • memory/2072-440-0x0000000000400000-0x0000000000429000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                      164KB

                                                                                                                                                                                                                                                                                                                                                                                                                    • memory/2360-571-0x00000000003F0000-0x0000000000400000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                      64KB

                                                                                                                                                                                                                                                                                                                                                                                                                    • memory/2360-584-0x0000000000400000-0x0000000000429000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                      164KB

                                                                                                                                                                                                                                                                                                                                                                                                                    • memory/2584-586-0x00000000005C0000-0x00000000005D0000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                      64KB

                                                                                                                                                                                                                                                                                                                                                                                                                    • memory/2584-600-0x0000000000400000-0x0000000000429000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                      Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                      164KB
