Windows Analysis Report
Kameta Setup 1.0.0.exe

Overview

General Information

Sample name: Kameta Setup 1.0.0.exe
Analysis ID: 1568018
MD5: 0157b710ec82b63db471a4030979fbd3
SHA1: 03e1e97522f61193836a6f2b489699ba5b087b5e
SHA256: 4bcd67e69705a2aed00ecfb30e2e9f05af8a0e00d5cb787e8427d100f766ca54
Tags: exemalicorduser-cyberclone

Detection

Score: 88
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Attempt to bypass Chrome Application-Bound Encryption
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Drops large PE files
Excessive usage of taskkill to terminate processes
Queries memory information (via WMI often done to detect virtual machines)
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Sigma detected: Rare Remote Thread Creation By Uncommon Source Image
Suspicious powershell command line found
Tries to harvest and steal browser information (history, passwords, etc)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for read data from the clipboard
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Enables security privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries keyboard layouts
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Browser Started with Remote Debugging
Stores files to the Windows start menu directory
Too many similar processes found
Uses 32bit PE files
Uses taskkill to terminate processes
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • Kameta Setup 1.0.0.exe (PID: 6568 cmdline: "C:\Users\user\Desktop\Kameta Setup 1.0.0.exe" MD5: 0157B710EC82B63DB471A4030979FBD3)
    • cmd.exe (PID: 6660 cmdline: cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq KametaSetup.exe" | %SYSTEMROOT%\System32\find.exe "KametaSetup.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 6676 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 6820 cmdline: tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq KametaSetup.exe" MD5: 0A4448B31CE7F83CB7691A2657F330F1)
      • find.exe (PID: 6852 cmdline: C:\Windows\System32\find.exe "KametaSetup.exe" MD5: 15B158BC998EEF74CFDD27C44978AEA0)
  • KametaSetup.exe (PID: 1620 cmdline: "C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe" MD5: 7153F5DCF75B41969A641F98F370D035)
    • MpCmdRun.exe (PID: 6268 cmdline: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable MD5: B3676839B2EE96983F9ED735CD044159)
      • conhost.exe (PID: 3916 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 3620 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 2304 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WMIC.exe (PID: 7244 cmdline: wmic bios get smbiosbiosversion MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
    • cmd.exe (PID: 3064 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7196 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • Conhost.exe (PID: 8596 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7324 cmdline: taskkill /IM chrome.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
        • Conhost.exe (PID: 7816 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 7188 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7216 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7808 cmdline: taskkill /IM msedge.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7204 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM brave.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7260 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7932 cmdline: taskkill /IM brave.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7252 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM firefox.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7292 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • Conhost.exe (PID: 7228 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7892 cmdline: taskkill /IM firefox.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7280 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM opera.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7364 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7872 cmdline: taskkill /IM opera.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
        • Conhost.exe (PID: 5652 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 7336 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM kometa.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7384 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7860 cmdline: taskkill /IM kometa.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7356 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM orbitum.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7392 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7984 cmdline: taskkill /IM orbitum.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7376 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM centbrowser.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7472 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7792 cmdline: taskkill /IM centbrowser.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7416 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM 7star.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7484 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7800 cmdline: taskkill /IM 7star.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
      • Conhost.exe (PID: 7480 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 7436 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM sputnik.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7496 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 8144 cmdline: taskkill /IM sputnik.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7448 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vivaldi.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7504 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 8124 cmdline: taskkill /IM vivaldi.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7456 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM epicprivacybrowser.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7516 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 8052 cmdline: taskkill /IM epicprivacybrowser.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
      • Conhost.exe (PID: 8704 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 7464 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM uran.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7564 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7948 cmdline: taskkill /IM uran.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7552 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM yandex.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7636 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 8188 cmdline: taskkill /IM yandex.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7624 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM iridium.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7696 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 8116 cmdline: taskkill /IM iridium.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
      • Conhost.exe (PID: 8164 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • KametaSetup.exe (PID: 7960 cmdline: "C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 --field-trial-handle=2188,i,5456543408629399747,16697329975367127579,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2 MD5: 7153F5DCF75B41969A641F98F370D035)
    • cmd.exe (PID: 8064 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq msedge.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 8084 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 8272 cmdline: tasklist /FI "IMAGENAME eq msedge.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 8092 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq chrome.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7368 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 8292 cmdline: tasklist /FI "IMAGENAME eq chrome.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 6584 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq firefox.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5436 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 8360 cmdline: tasklist /FI "IMAGENAME eq firefox.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
        • Conhost.exe (PID: 8312 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • Conhost.exe (PID: 3684 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • Conhost.exe (PID: 6708 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 3688 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 4544 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 8336 cmdline: tasklist /FI "IMAGENAME eq iexplore.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 7520 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7640 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 8428 cmdline: tasklist /FI "IMAGENAME eq iexplore.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 8560 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 8568 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WMIC.exe (PID: 8608 cmdline: wmic MemoryChip get /format:list MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
      • find.exe (PID: 8616 cmdline: find /i "Speed" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
    • cmd.exe (PID: 8656 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 8664 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • Conhost.exe (PID: 340 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WMIC.exe (PID: 8700 cmdline: wmic path win32_VideoController get name MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
    • cmd.exe (PID: 8760 cmdline: C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 8768 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 8856 cmdline: powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName MD5: 04029E121A0CFA5991749937DD22A1D9)
    • KametaSetup.exe (PID: 8836 cmdline: "C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --mojo-platform-channel-handle=1208 --field-trial-handle=2188,i,5456543408629399747,16697329975367127579,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8 MD5: 7153F5DCF75B41969A641F98F370D035)
    • cmd.exe (PID: 8944 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 8952 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WMIC.exe (PID: 8992 cmdline: wmic bios get smbiosbiosversion MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
    • cmd.exe (PID: 9080 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 9088 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • Conhost.exe (PID: 7424 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WMIC.exe (PID: 9128 cmdline: wmic MemoryChip get /format:list MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
      • find.exe (PID: 9136 cmdline: find /i "Speed" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
    • cmd.exe (PID: 9176 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 9184 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WMIC.exe (PID: 6268 cmdline: wmic path win32_VideoController get name MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
    • cmd.exe (PID: 7512 cmdline: C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 8072 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 3396 cmdline: powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName MD5: 04029E121A0CFA5991749937DD22A1D9)
    • cmd.exe (PID: 1804 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5356 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7384 cmdline: taskkill /IM chrome.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
        • Conhost.exe (PID: 8716 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 8168 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 5472 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7336 cmdline: taskkill /IM msedge.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 4088 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM brave.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7900 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7528 cmdline: taskkill /IM brave.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7876 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM firefox.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 8032 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7432 cmdline: taskkill /IM firefox.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6640 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM opera.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6960 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • Conhost.exe (PID: 9108 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7440 cmdline: taskkill /IM opera.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 8228 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM kometa.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7488 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7472 cmdline: taskkill /IM kometa.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 8108 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM orbitum.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 8140 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7632 cmdline: taskkill /IM orbitum.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
        • Conhost.exe (PID: 7588 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 1312 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM centbrowser.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 8044 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 8484 cmdline: taskkill /IM centbrowser.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6028 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM 7star.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7832 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 8452 cmdline: taskkill /IM 7star.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 2764 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM sputnik.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 8124 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 8440 cmdline: taskkill /IM sputnik.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
        • Conhost.exe (PID: 8644 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 7496 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vivaldi.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7844 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 8472 cmdline: taskkill /IM vivaldi.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
        • Conhost.exe (PID: 7788 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 7848 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM epicprivacybrowser.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7608 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 8096 cmdline: taskkill /IM epicprivacybrowser.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7676 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM uran.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7696 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 8084 cmdline: taskkill /IM uran.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7420 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM yandex.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7280 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 7368 cmdline: taskkill /IM yandex.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7932 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM iridium.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7204 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 8216 cmdline: taskkill /IM iridium.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7252 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq msedge.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7984 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 6388 cmdline: tasklist /FI "IMAGENAME eq msedge.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 7444 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7888 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 7212 cmdline: tasklist /FI "IMAGENAME eq iexplore.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 7356 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7288 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 8428 cmdline: tasklist /FI "IMAGENAME eq iexplore.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 7948 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq firefox.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7776 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 7712 cmdline: tasklist /FI "IMAGENAME eq firefox.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 7376 cmdline: C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq chrome.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 8372 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • Conhost.exe (PID: 8864 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • Conhost.exe (PID: 2088 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • tasklist.exe (PID: 8196 cmdline: tasklist /FI "IMAGENAME eq chrome.exe" MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
    • cmd.exe (PID: 8220 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 3848 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WMIC.exe (PID: 8772 cmdline: wmic bios get smbiosbiosversion MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
    • chrome.exe (PID: 8716 cmdline: "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 9000 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=2052 --field-trial-handle=2012,i,14256643865995858684,9263389117564715630,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • cmd.exe (PID: 7332 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7820 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WMIC.exe (PID: 6644 cmdline: wmic MemoryChip get /format:list MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
      • find.exe (PID: 7928 cmdline: find /i "Speed" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
    • cmd.exe (PID: 7628 cmdline: C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7860 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 8024 cmdline: taskkill /IM chrome.exe /F MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7900 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6640 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WMIC.exe (PID: 4228 cmdline: wmic path win32_VideoController get name MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
    • cmd.exe (PID: 7476 cmdline: C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7264 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 8484 cmdline: powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName MD5: 04029E121A0CFA5991749937DD22A1D9)
    • msedge.exe (PID: 4340 cmdline: "C:/Program Files (x86)/Microsoft/Edge/Application/msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000 MD5: 69222B8101B0601CC6663F8381E7E00F)
      • msedge.exe (PID: 7832 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=2072 --field-trial-handle=1972,i,2766285570963821738,1807897661508393279,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • cmd.exe (PID: 7952 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7560 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WMIC.exe (PID: 8152 cmdline: wmic bios get smbiosbiosversion MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
    • cmd.exe (PID: 7256 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7944 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • Conhost.exe (PID: 7868 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WMIC.exe (PID: 9136 cmdline: wmic MemoryChip get /format:list MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
      • find.exe (PID: 7540 cmdline: find /i "Speed" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
      • Conhost.exe (PID: 5272 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 8112 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7996 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WMIC.exe (PID: 7936 cmdline: wmic path win32_VideoController get name MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
        • Conhost.exe (PID: 5836 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 1804 cmdline: C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7992 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 8896 cmdline: powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName MD5: 04029E121A0CFA5991749937DD22A1D9)
    • dllhost.exe (PID: 8976 cmdline: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} MD5: 08EB78E5BE019DF044C26B14703BD1FA)
    • cmd.exe (PID: 8248 cmdline: C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 8500 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Conhost.exe (PID: 8716 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Conhost.exe (PID: 7576 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Conhost.exe (PID: 9188 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • Conhost.exe (PID: 9136 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Conhost.exe (PID: 7600 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Conhost.exe (PID: 7496 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Conhost.exe (PID: 8932 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Conhost.exe (PID: 7252 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Conhost.exe (PID: 7376 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • Conhost.exe (PID: 8088 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Conhost.exe (PID: 6640 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Conhost.exe (PID: 6928 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Conhost.exe (PID: 3204 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Conhost.exe (PID: 8588 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Conhost.exe (PID: 8904 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • Conhost.exe (PID: 7224 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Conhost.exe (PID: 8400 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Conhost.exe (PID: 708 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Conhost.exe (PID: 8568 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Conhost.exe (PID: 3204 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Conhost.exe (PID: 8072 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Conhost.exe (PID: 7536 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Conhost.exe (PID: 8100 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Conhost.exe (PID: 7232 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Conhost.exe (PID: 6236 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • Conhost.exe (PID: 7420 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Conhost.exe (PID: 6364 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Conhost.exe (PID: 6632 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Conhost.exe (PID: 7200 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • Conhost.exe (PID: 8680 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Conhost.exe (PID: 6580 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Conhost.exe (PID: 7336 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Conhost.exe (PID: 8128 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Conhost.exe (PID: 7944 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Conhost.exe (PID: 6968 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Conhost.exe (PID: 1364 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Conhost.exe (PID: 4080 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Conhost.exe (PID: 6516 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Conhost.exe (PID: 8564 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Conhost.exe (PID: 8316 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Conhost.exe (PID: 8384 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Conhost.exe (PID: 8040 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Conhost.exe (PID: 7952 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Conhost.exe (PID: 1612 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Conhost.exe (PID: 7824 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Conhost.exe (PID: 2992 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Conhost.exe (PID: 7280 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Conhost.exe (PID: 4228 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Threat created, Author: Perez Diego (@darkquassar), oscd.community: Data: EventID: 8, SourceImage: C:\Windows\System32\wbem\WMIC.exe, SourceProcessId: 6268, StartAddress: 213032B0, TargetImage: C:\Program Files\Windows Defender\MpCmdRun.exe, TargetProcessId: 6268
Source: Process started, Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000, CommandLine: "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000, CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe" , ParentImage: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe, ParentProcessId: 1620, ParentProcessName: KametaSetup.exe, ProcessCommandLine: "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000, ProcessId: 8716, ProcessName: chrome.exe
Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName, CommandLine: powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName, CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 8760, ParentProcessName: cmd.exe, ProcessCommandLine: powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName, ProcessId: 8856, ProcessName: powershell.exe
No Suricata rule has matched

AV Detection

Source: Kameta Setup 1.0.0.exe, Virustotal: Detection: 7%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 80.0% probability
Source: Kameta Setup 1.0.0.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exe, Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7f8d2dd2-ffce-55a8-ade7-0b57674516b0
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exe, File created: C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\7z-out\LICENSE.electron.txt
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exe, File created: C:\Users\user\AppData\Local\Programs\unrealgame\LICENSE.electron.txt
Source: Kameta Setup 1.0.0.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: pdb_base = '%s.%s.pdb' % (pdb_base, TARGET_TYPE_EXT[target_dict['type']]) source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\USERS\ADMINISTRATOR\DESKTOP\LEET STEALER\API\CRYPTER\SCRIPT\NODE_MODULES\REGISTRY-JS\BUILD\RELEASE\REGISTRY.PDB source: Kameta Setup 1.0.0.exe, 00000000.00000003.1748125825.00000000059F2000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: pdb = self.GetPDBName(config, expand_special, output_name + '.pdb') source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\Dev\elevate\bin\x86\Release\Elevate.pdb source: Kameta Setup 1.0.0.exe, 00000000.00000003.1874809314.0000000002D25000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: # the .pdb by the precompiled header step for .cc and the compilation of source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: - Use '<(PRODUCT_DIR)/<(product_name).(exe|dll).pdb' if 'product_name' is source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: 'ProgramDatabaseFile': 'Flob.pdb', source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: - Use '<(PRODUCT_DIR)/<(target_name).(exe|dll).pdb'. source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\a\registry-js\registry-js\build\Release\registry.pdb source: Kameta Setup 1.0.0.exe, 00000000.00000003.1748125825.00000000059F2000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\ffmpeg.dll.pdb source: Kameta Setup 1.0.0.exe, 00000000.00000003.1823957007.0000000004F24000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: /OUT:"C:\USERS\ADMINISTRATOR\DESKTOP\LEET STEALER\API\CRYPTER\SCRIPT\NODE_MODULES\REGISTRY-JS\BUILD\RELEASE\REGISTRY.NODE" /INCREMENTAL:NO /NOLOGO KERNEL32.LIB USER32.LIB GDI32.LIB WINSPOOL.LIB COMDLG32.LIB ADVAPI32.LIB SHELL32.LIB OLE32.LIB OLEAUT32.LIB UUID.LIB ODBC32.LIB DELAYIMP.LIB "C:\\USERS\\ADMINISTRATOR\\APPDATA\\LOCAL\\NODE-GYP\\CACHE\\18.17.0\\X64\\NODE.LIB" DELAYIMP.LIB /DELAYLOAD:NODE.EXE /MANIFEST /MANIFESTUAC:"level='asInvoker' uiAccess='false'" /manifest:embed /DEBUG /PDB:"C:\USERS\ADMINISTRATOR\DESKTOP\LEET STEALER\API\CRYPTER\SCRIPT\NODE_MODULES\REGISTRY-JS\BUILD\RELEASE\REGISTRY.PDB" /OPT:REF /OPT:ICF /TLBID:1 /DYNAMICBASE /NXCOMPAT /MACHINE:X64 /LTCG:INCREMENTAL /ignore:4199 /DLL RELEASE\OBJ\REGISTRY\WIN_DELAY_LOAD_HOOK.OBJ source: Kameta Setup 1.0.0.exe, 00000000.00000003.1748125825.00000000059F2000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\libGLESv2.dll.pdb source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: config_name, self.ExpandSpecial, output + '.pdb') source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: '$(IntDir)$(ProjectName)\\vc80.pdb', only_if_unset=True) source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: 'ProgramDataBaseFileName': '$(IntDir)\\vc90b.pdb', source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: pdbpath_cc = pdbpath + '.cc.pdb' source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: pdbpath_c = pdbpath + '.c.pdb' source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\PROGRAM FILES\MICROSOFT VISUAL STUDIO\2022\PROFESSIONAL\VC\TOOLS\MSVC\14.42.34433\LIB\X64\LIBCMT.AMD64.PDB source: Kameta Setup 1.0.0.exe, 00000000.00000003.1748125825.00000000059F2000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D3DCompiler_47.pdb source: Kameta Setup 1.0.0.exe, 00000000.00000003.1822603272.0000000004F23000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\projects\node-sqlite3\build\Release\node_sqlite3.pdb source: Kameta Setup 1.0.0.exe, 00000000.00000003.1748125825.00000000059F2000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D3DCompiler_47.pdbGCTL source: Kameta Setup 1.0.0.exe, 00000000.00000003.1822603272.0000000004F23000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: 'ProgramDataBaseFileName': '$(IntDir)vc90b.pdb', source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\vk_swiftshader.dll.pdb source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1868626155.0000000004F2E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: /c /I"C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\NODE-GYP\CACHE\18.17.0\INCLUDE\NODE" /I"C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\NODE-GYP\CACHE\18.17.0\SRC" /I"C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\NODE-GYP\CACHE\18.17.0\DEPS\OPENSSL\CONFIG" /I"C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\NODE-GYP\CACHE\18.17.0\DEPS\OPENSSL\OPENSSL\INCLUDE" /I"C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\NODE-GYP\CACHE\18.17.0\DEPS\UV\INCLUDE" /I"C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\NODE-GYP\CACHE\18.17.0\DEPS\ZLIB" /I"C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\NODE-GYP\CACHE\18.17.0\DEPS\V8\INCLUDE" /I"..\NODE_MODULES\NODE-ADDON-API" /Z7 /nologo /W3 /WX- /diagnostics:column /Ox /Ob2 /Oi /Ot /Oy /GL /D NODE_GYP_MODULE_NAME=registry /D USING_UV_SHARED=1 /D USING_V8_SHARED=1 /D V8_DEPRECATION_WARNINGS=1 /D V8_DEPRECATION_WARNINGS /D V8_IMMINENT_DEPRECATION_WARNINGS /D _GLIBCXX_USE_CXX11_ABI=1 /D WIN32 /D _CRT_SECURE_NO_DEPRECATE /D _CRT_NONSTDC_NO_DEPRECATE /D _HAS_EXCEPTIONS=0 /D OPENSSL_NO_PINSHARED /D OPENSSL_THREADS /D NAPI_VERSION=9 /D BUILDING_NODE_EXTENSION /D "HOST_BINARY=\"node.exe\"" /D _WINDLL /GF /Gm- /EHsc /MT /GS /Gy /fp:precise /Zc:wchar_t /Zc:forScope /Zc:inline /GR- /Fo"RELEASE\OBJ\REGISTRY\\SRC\MAIN.OBJ" /Fd"RELEASE\OBJ\REGISTRY\VC143.PDB" /external:W3 /Gd /TP /wd4351 /wd4355 /wd4800 /wd4251 /wd4275 /wd4244 /wd4267 /wd4530 /wd4506 /FC /Zc:__cplusplus -std:c++17 C:\USERS\ADMINISTRATOR\DESKTOP\LEET STEALER\API\CRYPTER\SCRIPT\NODE_MODULES\REGISTRY-JS\SRC\MAIN.CC source: Kameta Setup 1.0.0.exe, 00000000.00000003.1748125825.00000000059F2000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\PROGRAM FILES\MICROSOFT VISUAL STUDIO\2022\PROFESSIONAL\VC\TOOLS\MSVC\14.42.34433\LIB\X64\LIBVCRUNTIME.AMD64.PDB source: Kameta Setup 1.0.0.exe, 00000000.00000003.1748125825.00000000059F2000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\a\win-version-info\win-version-info\build\Release\VersionInfo.pdb source: Kameta Setup 1.0.0.exe, 00000000.00000003.1748395496.0000000006840000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: /c /I"C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\NODE-GYP\CACHE\18.17.0\INCLUDE\NODE" /I"C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\NODE-GYP\CACHE\18.17.0\SRC" /I"C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\NODE-GYP\CACHE\18.17.0\DEPS\OPENSSL\CONFIG" /I"C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\NODE-GYP\CACHE\18.17.0\DEPS\OPENSSL\OPENSSL\INCLUDE" /I"C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\NODE-GYP\CACHE\18.17.0\DEPS\UV\INCLUDE" /I"C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\NODE-GYP\CACHE\18.17.0\DEPS\ZLIB" /I"C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\NODE-GYP\CACHE\18.17.0\DEPS\V8\INCLUDE" /I"..\NODE_MODULES\NODE-ADDON-API" /Z7 /nologo /W3 /WX- /diagnostics:column /Ox /Ob2 /Oi /Ot /Oy /GL /D NODE_GYP_MODULE_NAME=registry /D USING_UV_SHARED=1 /D USING_V8_SHARED=1 /D V8_DEPRECATION_WARNINGS=1 /D V8_DEPRECATION_WARNINGS /D V8_IMMINENT_DEPRECATION_WARNINGS /D _GLIBCXX_USE_CXX11_ABI=1 /D WIN32 /D _CRT_SECURE_NO_DEPRECATE /D _CRT_NONSTDC_NO_DEPRECATE /D _HAS_EXCEPTIONS=0 /D OPENSSL_NO_PINSHARED /D OPENSSL_THREADS /D NAPI_VERSION=9 /D BUILDING_NODE_EXTENSION /D "HOST_BINARY=\"node.exe\"" /D _WINDLL /GF /Gm- /EHsc /MT /GS /Gy /fp:precise /Zc:wchar_t /Zc:forScope /Zc:inline /GR- /Fo"RELEASE\OBJ\REGISTRY\\" /Fd"RELEASE\OBJ\REGISTRY\VC143.PDB" /external:W3 /Gd /TP /wd4351 /wd4355 /wd4800 /wd4251 /wd4275 /wd4244 /wd4267 /wd4530 /wd4506 /FC /Zc:__cplusplus -std:c++17 C:\USERS\ADMINISTRATOR\DESKTOP\LEET STEALER\API\CRYPTER\SCRIPT\NODE_MODULES\NODE-GYP\SRC\WIN_DELAY_LOAD_HOOK.CC source: Kameta Setup 1.0.0.exe, 00000000.00000003.1748125825.00000000059F2000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\PROGRAM FILES\MICROSOFT VISUAL STUDIO\2022\PROFESSIONAL\VC\TOOLS\MSVC\14.42.34433\LIB\X64\LIBCPMT.AMD64.PDB source: Kameta Setup 1.0.0.exe, 00000000.00000003.1748125825.00000000059F2000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: # See comment at cc_command for why there's two .pdb files. source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\vulkan-1.dll.pdb source: Kameta Setup 1.0.0.exe, 00000000.00000003.1819905505.0000000005C30000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1816480721.0000000004C60000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1816700083.00000000054F0000.00000004.00001000.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exe, Code function: 0_2_004059CC GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_004059CC
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exe, Code function: 0_2_004065FD FindFirstFileW,FindClose,0_2_004065FD
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exe, Code function: 0_2_00402868 FindFirstFileW,0_2_00402868
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exe, File opened: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exe, File opened: C:\Users\user
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exe, File opened: C:\Users\user\AppData
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exe, File opened: C:\Users\user\AppData\Local
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exe, File opened: C:\Users\user\AppData\Local\Programs\unrealgame
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exe, File opened: C:\Users\user\AppData\Local\Programs
Source: chrome.exe, Memory has grown: Private usage: 1MB later: 25MB
Source: Joe Sandbox View, IP Address: 239.255.255.250
Source: Joe Sandbox View, IP Address: 45.112.123.126
Source: unknown, TCP traffic detected without corresponding DNS query: 38.172.200.46
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1748395496.0000000006840000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1748589484.0000000006C40000.00000004.00001000.00020000.00000000.sdmp, String found in binary or memory: * **Google Hangouts Video**: http://www.youtube.com/watch?v=I9nDOSGfwZg equals www.youtube.com (Youtube)
Source: global traffic, DNS traffic detected: DNS query: api.gofile.io
Source: global traffic, DNS traffic detected: DNS query: file.io
Source: global traffic, DNS traffic detected: DNS query: www.google.com
Source: global traffic, DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global traffic, DNS traffic detected: DNS query: ntp.msn.com
Source: unknown, HTTP traffic detected: POST /dns-query HTTP/1.1, Host: chrome.cloudflare-dns.com, Connection: keep-alive, Content-Length: 128, Accept: application/dns-message, Accept-Language: *, User-Agent: Chrome, Accept-Encoding: identity, Content-Type: application/dns-message
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmp, String found in binary or memory: http://127.0.0.1
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4324
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4384
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4405
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4428
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4551
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4633
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4646
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4722
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/482
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4836
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4901
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4937
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5007
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5007disableDrawBuffersIndexedDisable
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5055
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5061
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5281
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5371
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5375
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5421
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5430
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5469
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5535
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5577
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5658
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5658forceGlErrorCheckingForce
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5750
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5750forceRobustResourceInitForce-enable
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5881
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5901
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5906
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6041
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6041forceInitShaderVariablesForce-enable
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6048
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6141
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6248
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6439
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6651
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6692
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6755
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6860
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6876
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6878
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6929
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6953
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7036
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7036Frontend
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7047
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7172
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7279
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7279cacheCompiledShaderEnable
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7370
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7406
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7488
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7527
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7553
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7556
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7724
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7724disableAnisotropicFilteringDisable
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/52560
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1748125825.00000000059F2000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1874566297.0000000005236000.00000004.00000020.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1748395496.0000000006840000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1748589484.0000000006C40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://blog.izs.me/)
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://blogs.msdn.com/b/vcblog/archive/2010/04/21/quick-help-on-vs2010-custom-build-rule.aspx
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://bugs.python.org/issue5752
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://code.activestate.com/recipes/576693/
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://code.activestate.com/recipes/576694/.
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://code.google.com/p/chromium/issues/detail?id=76293
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://code.google.com/p/gyp/issues/detail?id=111):
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://code.google.com/p/gyp/issues/detail?id=122
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/1094869
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/110263
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/1144207
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/1165751
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/1165751disableProgramBinaryDisable
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/1171371
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/1181068
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/1181193
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/122592
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/142362.
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/241769
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/241769.
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/308366
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/333738.
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/35878
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/403957
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/550292
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/565179
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/642227
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/642605
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/644669
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/650547
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/672380
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/709351
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/797243
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/809422
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/830046
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/849576
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/883276
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/927470
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/941620
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crbug.com/941620allowTranslateUniformBlockToStructuredBufferThere
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://developer.apple.com/library/mac/#documentation/DeveloperTools/Reference/XcodeBuildSettingRef/
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/2/library/collections.html#collections.OrderedDict
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1748125825.00000000059F2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://github.com/troygoode/)
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://goo.gl/cuFbX
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://goo.gl/dhPnp
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://issuetracker.google.com/200067929
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://localhosthttp://127.0.0.1object-src
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://maxao.free.fr/xcode-plugin-interface/specifications.html
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://narwhaljs.org)
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1872224054.0000000002D24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://primer.com
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://public.kitware.com/Bug/view.php?id=8392
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://src.chromium.org/viewvc/blink/trunk/Source/devtools/front_end/SourceMap.js
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://stackoverflow.com/questions/1189781/using-make-dir-or-notdir-on-a-path-with-spaces
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://stackoverflow.com/questions/35817/whats-the-best-way-to-escape-ossystem-calls-in-python
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1748125825.00000000059F2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc2617#section-3
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc5849#section-3.4.1.3.2
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1748125825.00000000059F2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://travis-ci.org/troygoode/node-require-directory)
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://userguide.icu-project.org/strings/properties
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1748125825.00000000059F2000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1868257136.0000000004F2F000.00000004.00000020.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1748395496.0000000006840000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1748125825.00000000059F2000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1868257136.0000000004F2F000.00000004.00000020.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1748395496.0000000006840000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.cmake.org/Bug/view.php?id=6493
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.cmake.org/pipermail/cmake/2010-July/038461.html
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1748395496.0000000006840000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.futurealoof.com)
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.gnu.org/software/make/manual/make.html#Syntax-of-Functions
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.midnight-commander.org/browser/lib/tty/key.c
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.opengroup.org/onlinepubs/009695399/utilities/xcu_chap02.html#tag_02_02
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.opensource.apple.com/source/cctools/cctools-809/misc/libtool.c
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1748125825.00000000059F2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.opensource.org/licenses/mit-license.php)
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.squid-cache.org/Doc/config/half_closed_clients/
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1732210928.0000000005E30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.unicode.org/copyright.html
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4674
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4849
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/5140
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/5536
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/5845
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7161
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7162
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7246
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7246enableCaptureLimitsSet
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7308
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7319
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7320
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7369
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/34375
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/34385
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/35941
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/35949#issuecomment-722496598
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/36061#discussion_r533718029
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/38248
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/38433#issuecomment-828426932
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/38614)
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/node/pull/43714
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/nodejs/readable-stream
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1748589484.0000000006C40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/npm/nopt.git
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/npm/npm-bundled.git
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/npm/npm-normalize-package-bin
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/npm/npm-packlist.git
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/npm/npm/pull/4887)
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/npm/npmlog.git
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/npm/osenv
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/prebuild/node-gyp-build
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/prebuild/node-gyp-build.git
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1748125825.00000000059F2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/request/request.git
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1748125825.00000000059F2000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1748395496.0000000006840000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1748589484.0000000006C40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/sponsors/feross
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1748125825.00000000059F2000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1748395496.0000000006840000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1748589484.0000000006C40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/sponsors/isaacs
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/standard-things/esm/issues/821.
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/tc39/ecma262/blob/HEAD/LICENSE.md
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/tc39/ecma262/issues/1209
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/tc39/proposal-iterator-helpers/issues/169
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/tc39/proposal-ses/blob/e5271cc42a257a05dcae2fd94713ed2f46c08620/shim/src/freeze.j
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/tc39/proposal-weakrefs
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1748125825.00000000059F2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/troygoode/node-require-directory/
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/vweevers/pe-coff
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/vweevers/pe-machine-type
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/vweevers/pe-machine-type-descriptor
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/vweevers/pe-signature
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/vweevers/pe-signature-offset
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://goo.gl/t5IS6M).
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#Replaceable
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#define-the-operations
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#dfn-class-string
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#dfn-default-iterator-object
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#dfn-iterator-prototype-object
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#es-interfaces
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#es-iterable
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#es-iterable-entries
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#es-iterators
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#es-namespaces
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#es-operations
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#es-stringifier
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/browsers.html#ascii-serialisation-of-an-origin
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/browsers.html#concept-origin-opaque
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/dom.html#custom-data-attribute.
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/timers-and-user-prompts.html#dom-setinterval
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/webappapis.html#windoworworkerglobalscope
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://infra.spec.whatwg.org/#ascii-whitespace
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://infra.spec.whatwg.org/#forgiving-base64
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://infra.spec.whatwg.org/#forgiving-base64-decode
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://invisible-island.net/ncurses/terminfo.ti.html#toc-_Specials
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/161903006
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/166809097
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/184850002
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/187425444
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/220069903
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/220069903emulatePixelLocalStorageEmulate
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/229267970
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/250706693
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/253522366
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/issues/166475273
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://izs.me)
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://linux.die.net/man/1/dircolors).
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lupomontero.com/)
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1748125825.00000000059F2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lynx.invisible-island.net/lynx2.8.7/breakout/lynx_help/keystrokes/environments.html)
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1748125825.00000000059F2000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1874566297.0000000005236000.00000004.00000020.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1748395496.0000000006840000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1748589484.0000000006C40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://mathiasbynens.be/
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1748395496.0000000006840000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://mathiasbynens.be/notes/javascript-encoding
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://mths.be/punycode
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://no-color.org/
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1748125825.00000000059F2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodei.co/npm/require-directory.png?downloads=true&stars=true)
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1748125825.00000000059F2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodei.co/npm/require-directory/)
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode).
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/api/fs.html
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/api/fs.html#fs_stat_time_values)
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/api/util.html#utilformatformat-args
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/api/util.html#utilinspectobject-options
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/docs/latest/api/fs.html#class-fsdirent
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/download/release/v18.12.1/node-v18.12.1-headers.tar.gz
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/download/release/v18.12.1/node-v18.12.1.tar.gz
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/download/release/v18.12.1/node-v18.12.1.tar.gzhttps://nodejs.org/download/release
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/download/release/v18.12.1/win-x64/node.lib
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://npm.taobao.org/mirrors/node-inspector/
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1748125825.00000000059F2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://npmjs.org/package/require-directory))
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1869939214.0000000002D23000.00000004.00000020.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1868973610.0000000002D23000.00000004.00000020.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1869041046.0000000002D23000.00000004.00000020.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1873367206.0000000002D24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://passwords.google.com
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1872343570.0000000002D24000.00000004.00000020.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1869620033.0000000002D23000.00000004.00000020.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1873696598.0000000002D24000.00000004.00000020.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1869675577.0000000002D23000.00000004.00000020.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1873875726.0000000002D24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://passwords.google.comGoogle
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1872224054.0000000002D24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://primer.com.Uporaba
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap12.html
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap12.html).
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://robwu.nl/)
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1748125825.00000000059F2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://secure.travis-ci.org/troygoode/node-require-directory.png)
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://source.chromium.org/chromium/chromium/src/
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sourcemaps.info/spec.html
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/a/5501711/3561
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://streams.spec.whatwg.org/#example-manual-write-with-backpressure
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1868871517.0000000002D21000.00000004.00000020.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1869799271.0000000002D23000.00000004.00000020.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1872736333.0000000002D24000.00000004.00000020.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1870274413.0000000002D24000.00000004.00000020.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1870883792.0000000002D24000.00000004.00000020.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1870693300.0000000002D24000.00000004.00000020.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1870210436.0000000002D24000.00000004.00000020.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1871201394.0000000002D24000.00000004.00000020.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1870822339.0000000002D24000.00000004.00000020.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1869541186.0000000002D23000.00000004.00000020.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1873130918.0000000002D24000.00000004.00000020.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1873696598.0000000002D24000.00000004.00000020.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1870339693.0000000002D24000.00000004.00000020.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1869325429.0000000002D23000.00000004.00000020.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1870481391.0000000002D24000.00000004.00000020.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1871756252.0000000002D24000.00000004.00000020.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1870641859.0000000002D24000.00000004.00000020.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 
00000000.00000003.1869729983.0000000002D23000.00000004.00000020.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1872831929.0000000002D24000.00000004.00000020.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1871257948.0000000002D24000.00000004.00000020.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1869675577.0000000002D23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/a/?p=block_warn
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1872953595.0000000002D24000.00000004.00000020.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1872458533.0000000002D24000.00000004.00000020.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1869107675.0000000002D23000.00000004.00000020.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1872343570.0000000002D24000.00000004.00000020.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1871947503.0000000002D24000.00000004.00000020.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1873214356.0000000002D24000.00000004.00000020.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1869620033.0000000002D23000.00000004.00000020.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1871366307.0000000002D24000.00000004.00000020.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1872584595.0000000002D24000.00000004.00000020.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1870535530.0000000002D24000.00000004.00000020.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1871006440.0000000002D24000.00000004.00000020.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1869939214.0000000002D23000.00000004.00000020.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1869867645.0000000002D23000.00000004.00000020.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1872224054.0000000002D24000.00000004.00000020.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1868871517.0000000002D21000.00000004.00000020.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1872736333.0000000002D24000.00000004.00000020.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1870274413.0000000002D24000.00000004.00000020.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 
00000000.00000003.1868973610.0000000002D23000.00000004.00000020.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1870883792.0000000002D24000.00000004.00000020.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1871139747.0000000002D24000.00000004.00000020.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1870693300.0000000002D24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/answer/6098869
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1869799271.0000000002D23000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/answer/6098869?hl=es
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.es/ecma262/#sec-%typedarray%-intrinsic-object
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exe Code function: 0_2_00405461 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard
Source: Conhost.exe Process created: 111
Source: conhost.exe Process created: 78
Source: cmd.exe Process created: 124

System Summary

Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exe File dump: KametaSetup.exe.0.dr 162028032
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exe File dump: KametaSetup.exe0.0.dr 162028032
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exe Code function: 0_2_0040338F EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,ExitProcess,CoUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exe Code function: 0_2_00406B15
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exe Code function: 0_2_004072EC
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exe Code function: 0_2_00404C9E
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exe Process token adjusted: Security
Source: libEGL.dll.0.dr Static PE information: Number of sections : 12 > 10
Source: KametaSetup.exe0.0.dr Static PE information: Number of sections : 16 > 10
Source: KametaSetup.exe.0.dr Static PE information: Number of sections : 16 > 10
Source: libGLESv2.dll.0.dr Static PE information: Number of sections : 12 > 10
Source: vk_swiftshader.dll.0.dr Static PE information: Number of sections : 12 > 10
Source: vulkan-1.dll.0.dr Static PE information: Number of sections : 12 > 10
Source: ffmpeg.dll0.0.dr Static PE information: Number of sections : 11 > 10
Source: ffmpeg.dll.0.dr Static PE information: Number of sections : 11 > 10
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevk_swiftshader.dll, vs Kameta Setup 1.0.0.exe
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamelibGLESv2.dllb! vs Kameta Setup 1.0.0.exe
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1868092159.0000000004F23000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamelibGLESv2.dllb! vs Kameta Setup 1.0.0.exe
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820501994.0000000006EC0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilename8 vs Kameta Setup 1.0.0.exe
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1752338051.00000000069A0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamed3dcompiler_47.dllj% vs Kameta Setup 1.0.0.exe
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1868626155.0000000004F2E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevk_swiftshader.dll, vs Kameta Setup 1.0.0.exe
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1822603272.0000000004F23000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamed3dcompiler_47.dllj% vs Kameta Setup 1.0.0.exe
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1874809314.0000000002D25000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameElevate.exeH vs Kameta Setup 1.0.0.exe
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1830789369.000000000523E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename8 vs Kameta Setup 1.0.0.exe
Source: Kameta Setup 1.0.0.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: sln_path = build_file_root + options.suffix + '.sln'
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: sln_path = os.path.splitext(build_file)[0] + options.suffix + '.sln'
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: """Generate .sln and .vcproj files.
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: # GUID is the same whether it's included from base/base.sln or
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: # foo/bar/baz/baz.sln.
Source: classification engine Classification label: mal88.troj.spyw.evad.winEXE@722/218@8/7
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exe Code function: 0_2_0040338F EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,ExitProcess,CoUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exe Code function: 0_2_00404722 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exe Code function: 0_2_00402104 CoCreateInstance
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exe File created: C:\Users\user\AppData\Local\Programs
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Mutant created: NULL
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exe Mutant created: \Sessions\1\BaseNamedObjects\7f8d2dd2-ffce-55a8-ade7-0b57674516b0
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exe File created: C:\Users\user\AppData\Local\Temp\nstB2D1.tmp
Source: Kameta Setup 1.0.0.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\SysWOW64\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'KAMETASETUP.EXE'
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "chrome.exe")
Source: C:\Windows\System32\cmd.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "msedge.exe")
Source: C:\Windows\System32\conhost.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "chrome.exe")
Source: C:\Windows\System32\cmd.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\conhost.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "kometa.exe")
Source: C:\Windows\System32\conhost.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "centbrowser.exe")
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "7star.exe")
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "msedge.exe")
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "kometa.exe")
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "opera.exe")
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "firefox.exe")
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "brave.exe")
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "uran.exe")
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "orbitum.exe")
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "epicprivacybrowser.exe")
Source: C:\Windows\System32\conhost.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "uran.exe")
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "iridium.exe")
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "vivaldi.exe")
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "sputnik.exe")
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "yandex.exe")
Source: C:\Windows\System32\conhost.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "yandex.exe")
Source: C:\Windows\System32\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'MSEDGE.EXE'
Source: C:\Windows\System32\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'CHROME.EXE'
Source: C:\Windows\System32\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'IEXPLORE.EXE'
Source: C:\Windows\System32\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'FIREFOX.EXE'
Source: C:\Windows\System32\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'IEXPLORE.EXE'
Source: C:\Windows\System32\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'IEXPLORE.EXE'
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "firefox.exe")
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "opera.exe")
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "msedge.exe")
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "brave.exe")
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "chrome.exe")
Source: C:\Windows\System32\conhost.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "vivaldi.exe")
Source: C:\Windows\System32\cmd.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "brave.exe")
Source: C:\Windows\System32\conhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;orbitum.exe&quot;)
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;uran.exe&quot;)
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;orbitum.exe&quot;)
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;kometa.exe&quot;)
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;centbrowser.exe&quot;)
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;7star.exe&quot;)
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;sputnik.exe&quot;)
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;vivaldi.exe&quot;)
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;epicprivacybrowser.exe&quot;)
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;yandex.exe&quot;)
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;uran.exe&quot;)
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;iridium.exe&quot;)
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = &apos;IEXPLORE.EXE&apos;
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = &apos;IEXPLORE.EXE&apos;
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = &apos;CHROME.EXE&apos;
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = &apos;FIREFOX.EXE&apos;
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = &apos;MSEDGE.EXE&apos;
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = &apos;IEXPLORE.EXE&apos;
Source: C:\Windows\System32\conhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;kometa.exe&quot;)
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;chrome.exe&quot;)
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;Steam.exe&quot;)
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;centbrowser.exe&quot;)
Source: C:\Windows\System32\Conhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;msedge.exe&quot;)
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeFile read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeFile read: C:\Windows\System32\drivers\etc\hosts
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1748125825.00000000059F2000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1748125825.00000000059F2000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1748125825.00000000059F2000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1748125825.00000000059F2000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1748125825.00000000059F2000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1748125825.00000000059F2000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1748125825.00000000059F2000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: Kameta Setup 1.0.0.exeVirustotal: Detection: 7%
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeFile read: C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
Source: unknownProcess created: C:\Users\user\Desktop\Kameta Setup 1.0.0.exe "C:\Users\user\Desktop\Kameta Setup 1.0.0.exe"
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq KametaSetup.exe" | %SYSTEMROOT%\System32\find.exe "KametaSetup.exe"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq KametaSetup.exe"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\find.exe C:\Windows\System32\find.exe "KametaSetup.exe"
Source: unknownProcess created: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe "C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM brave.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic bios get smbiosbiosversion
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM firefox.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM opera.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM kometa.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM orbitum.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM centbrowser.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM 7star.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM sputnik.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vivaldi.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM epicprivacybrowser.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM uran.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM yandex.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM iridium.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM centbrowser.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM msedge.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM kometa.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM firefox.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe "C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 --field-trial-handle=2188,i,5456543408629399747,16697329975367127579,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM orbitum.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM epicprivacybrowser.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq msedge.exe""
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq chrome.exe""
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM iridium.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM vivaldi.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM sputnik.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM yandex.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq firefox.exe""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq msedge.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq chrome.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq iexplore.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq firefox.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq iexplore.exe"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed""
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic MemoryChip get /format:list
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /i "Speed"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe "C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --mojo-platform-channel-handle=1208 --field-trial-handle=2188,i,5456543408629399747,16697329975367127579,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic bios get smbiosbiosversion
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed""
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic MemoryChip get /format:list
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /i "Speed"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM brave.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM firefox.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM opera.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM kometa.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM orbitum.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM centbrowser.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM 7star.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM firefox.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM sputnik.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM msedge.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vivaldi.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM epicprivacybrowser.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM uran.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM yandex.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM iridium.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq firefox.exe""
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM orbitum.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM kometa.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM centbrowser.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM sputnik.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM vivaldi.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM epicprivacybrowser.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM yandex.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM iridium.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq chrome.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq firefox.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq msedge.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq iexplore.exe"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic bios get smbiosbiosversion
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=2052 --field-trial-handle=2012,i,14256643865995858684,9263389117564715630,262144 /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic MemoryChip get /format:list
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /i "Speed"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:/Program Files (x86)/Microsoft/Edge/Application/msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=2072 --field-trial-handle=1972,i,2766285570963821738,1807897661508393279,262144 /prefetch:3
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\dllhost.exe C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\conhost.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\wbem\WMIC.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\tasklist.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\Conhost.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\taskkill.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq KametaSetup.exe" | %SYSTEMROOT%\System32\find.exe "KametaSetup.exe"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq KametaSetup.exe"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\find.exe C:\Windows\System32\find.exe "KametaSetup.exe"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM brave.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM firefox.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM opera.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM kometa.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM orbitum.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM centbrowser.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM 7star.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM sputnik.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vivaldi.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM epicprivacybrowser.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM uran.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM yandex.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM iridium.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe "C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 --field-trial-handle=2188,i,5456543408629399747,16697329975367127579,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq msedge.exe""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq chrome.exe""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq firefox.exe""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe "C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --mojo-platform-channel-handle=1208 --field-trial-handle=2188,i,5456543408629399747,16697329975367127579,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed""Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:/Program Files (x86)/Microsoft/Edge/Application/msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000Jump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq firefox.exe"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM iridium.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM epicprivacybrowser.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM vivaldi.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM 7star.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM orbitum.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM sputnik.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq chrome.exe""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: kbdus.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: napinsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: pnrpnsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: wshbth.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: nlaapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: winrnr.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: windows.ui.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: windowmanagementapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: inputhost.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: winsta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: mmdevapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: devobj.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: mscms.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: coloradapterclient.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: mpclient.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: secur32.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: sspicli.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: version.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: msasn1.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: userenv.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: gpapi.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: wbemcomn.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: amsi.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: profapi.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: wscapi.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: urlmon.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: iertutil.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: srvcli.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: netutils.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: slc.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exeSection loaded: sppc.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: msxml6.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: netutils.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140_1.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: amsi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: userenv.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: profapi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vbscript.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sxs.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Section loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Section loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Section loaded: dxgi.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Section loaded: resourcepolicyclient.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Section loaded: mf.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Section loaded: mfplat.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Section loaded: rtworkq.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Section loaded: msmpeg2vdec.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Section loaded: mfperfhelper.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Section loaded: dxva2.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Section loaded: msvproc.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Section loaded: dwmapi.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: version.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: mpr.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: framedynos.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: dbghelp.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: netutils.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: wbemcomn.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: winsta.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: amsi.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: userenv.dll
Source: C:\Windows\System32\tasklist.exe Section loaded: profapi.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: iphlpapi.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: framedynos.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: msxml6.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: urlmon.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: iertutil.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: netutils.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: uxtheme.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: vcruntime140_1.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: amsi.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: userenv.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: profapi.dll
Source: C:\Windows\System32\find.exe Section loaded: ulib.dll
Source: C:\Windows\System32\find.exe Section loaded: fsutilext.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vbscript.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: ffmpeg.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeSection loaded: dwrite.dll
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\tasklist.exe tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq KametaSetup.exe"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7f8d2dd2-ffce-55a8-ade7-0b57674516b0
Source: Kameta Setup 1.0.0.exeStatic file information: File size 79764652 > 1048576
Source: Kameta Setup 1.0.0.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: pdb_base = '%s.%s.pdb' % (pdb_base, TARGET_TYPE_EXT[target_dict['type']]) source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\USERS\ADMINISTRATOR\DESKTOP\LEET STEALER\API\CRYPTER\SCRIPT\NODE_MODULES\REGISTRY-JS\BUILD\RELEASE\REGISTRY.PDB source: Kameta Setup 1.0.0.exe, 00000000.00000003.1748125825.00000000059F2000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: pdb = self.GetPDBName(config, expand_special, output_name + '.pdb') source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\Dev\elevate\bin\x86\Release\Elevate.pdb source: Kameta Setup 1.0.0.exe, 00000000.00000003.1874809314.0000000002D25000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: # the .pdb by the precompiled header step for .cc and the compilation of source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: - Use '<(PRODUCT_DIR)/<(product_name).(exe|dll).pdb' if 'product_name' is source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: 'ProgramDatabaseFile': 'Flob.pdb', source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: - Use '<(PRODUCT_DIR)/<(target_name).(exe|dll).pdb'. source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\a\registry-js\registry-js\build\Release\registry.pdb source: Kameta Setup 1.0.0.exe, 00000000.00000003.1748125825.00000000059F2000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\ffmpeg.dll.pdb source: Kameta Setup 1.0.0.exe, 00000000.00000003.1823957007.0000000004F24000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: /OUT:"C:\USERS\ADMINISTRATOR\DESKTOP\LEET STEALER\API\CRYPTER\SCRIPT\NODE_MODULES\REGISTRY-JS\BUILD\RELEASE\REGISTRY.NODE" /INCREMENTAL:NO /NOLOGO KERNEL32.LIB USER32.LIB GDI32.LIB WINSPOOL.LIB COMDLG32.LIB ADVAPI32.LIB SHELL32.LIB OLE32.LIB OLEAUT32.LIB UUID.LIB ODBC32.LIB DELAYIMP.LIB "C:\\USERS\\ADMINISTRATOR\\APPDATA\\LOCAL\\NODE-GYP\\CACHE\\18.17.0\\X64\\NODE.LIB" DELAYIMP.LIB /DELAYLOAD:NODE.EXE /MANIFEST /MANIFESTUAC:"level='asInvoker' uiAccess='false'" /manifest:embed /DEBUG /PDB:"C:\USERS\ADMINISTRATOR\DESKTOP\LEET STEALER\API\CRYPTER\SCRIPT\NODE_MODULES\REGISTRY-JS\BUILD\RELEASE\REGISTRY.PDB" /OPT:REF /OPT:ICF /TLBID:1 /DYNAMICBASE /NXCOMPAT /MACHINE:X64 /LTCG:INCREMENTAL /ignore:4199 /DLL RELEASE\OBJ\REGISTRY\WIN_DELAY_LOAD_HOOK.OBJ source: Kameta Setup 1.0.0.exe, 00000000.00000003.1748125825.00000000059F2000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\libGLESv2.dll.pdb source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: config_name, self.ExpandSpecial, output + '.pdb') source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: '$(IntDir)$(ProjectName)\\vc80.pdb', only_if_unset=True) source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: 'ProgramDataBaseFileName': '$(IntDir)\\vc90b.pdb', source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: pdbpath_cc = pdbpath + '.cc.pdb' source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: pdbpath_c = pdbpath + '.c.pdb' source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\PROGRAM FILES\MICROSOFT VISUAL STUDIO\2022\PROFESSIONAL\VC\TOOLS\MSVC\14.42.34433\LIB\X64\LIBCMT.AMD64.PDB source: Kameta Setup 1.0.0.exe, 00000000.00000003.1748125825.00000000059F2000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D3DCompiler_47.pdb source: Kameta Setup 1.0.0.exe, 00000000.00000003.1822603272.0000000004F23000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\projects\node-sqlite3\build\Release\node_sqlite3.pdb source: Kameta Setup 1.0.0.exe, 00000000.00000003.1748125825.00000000059F2000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D3DCompiler_47.pdbGCTL source: Kameta Setup 1.0.0.exe, 00000000.00000003.1822603272.0000000004F23000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: 'ProgramDataBaseFileName': '$(IntDir)vc90b.pdb', source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\vk_swiftshader.dll.pdb source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1868626155.0000000004F2E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: /c /I"C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\NODE-GYP\CACHE\18.17.0\INCLUDE\NODE" /I"C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\NODE-GYP\CACHE\18.17.0\SRC" /I"C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\NODE-GYP\CACHE\18.17.0\DEPS\OPENSSL\CONFIG" /I"C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\NODE-GYP\CACHE\18.17.0\DEPS\OPENSSL\OPENSSL\INCLUDE" /I"C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\NODE-GYP\CACHE\18.17.0\DEPS\UV\INCLUDE" /I"C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\NODE-GYP\CACHE\18.17.0\DEPS\ZLIB" /I"C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\NODE-GYP\CACHE\18.17.0\DEPS\V8\INCLUDE" /I"..\NODE_MODULES\NODE-ADDON-API" /Z7 /nologo /W3 /WX- /diagnostics:column /Ox /Ob2 /Oi /Ot /Oy /GL /D NODE_GYP_MODULE_NAME=registry /D USING_UV_SHARED=1 /D USING_V8_SHARED=1 /D V8_DEPRECATION_WARNINGS=1 /D V8_DEPRECATION_WARNINGS /D V8_IMMINENT_DEPRECATION_WARNINGS /D _GLIBCXX_USE_CXX11_ABI=1 /D WIN32 /D _CRT_SECURE_NO_DEPRECATE /D _CRT_NONSTDC_NO_DEPRECATE /D _HAS_EXCEPTIONS=0 /D OPENSSL_NO_PINSHARED /D OPENSSL_THREADS /D NAPI_VERSION=9 /D BUILDING_NODE_EXTENSION /D "HOST_BINARY=\"node.exe\"" /D _WINDLL /GF /Gm- /EHsc /MT /GS /Gy /fp:precise /Zc:wchar_t /Zc:forScope /Zc:inline /GR- /Fo"RELEASE\OBJ\REGISTRY\\SRC\MAIN.OBJ" /Fd"RELEASE\OBJ\REGISTRY\VC143.PDB" /external:W3 /Gd /TP /wd4351 /wd4355 /wd4800 /wd4251 /wd4275 /wd4244 /wd4267 /wd4530 /wd4506 /FC /Zc:__cplusplus -std:c++17 C:\USERS\ADMINISTRATOR\DESKTOP\LEET STEALER\API\CRYPTER\SCRIPT\NODE_MODULES\REGISTRY-JS\SRC\MAIN.CC source: Kameta Setup 1.0.0.exe, 00000000.00000003.1748125825.00000000059F2000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\PROGRAM FILES\MICROSOFT VISUAL STUDIO\2022\PROFESSIONAL\VC\TOOLS\MSVC\14.42.34433\LIB\X64\LIBVCRUNTIME.AMD64.PDB source: Kameta Setup 1.0.0.exe, 00000000.00000003.1748125825.00000000059F2000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: D:\a\win-version-info\win-version-info\build\Release\VersionInfo.pdb source: Kameta Setup 1.0.0.exe, 00000000.00000003.1748395496.0000000006840000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: /c /I"C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\NODE-GYP\CACHE\18.17.0\INCLUDE\NODE" /I"C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\NODE-GYP\CACHE\18.17.0\SRC" /I"C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\NODE-GYP\CACHE\18.17.0\DEPS\OPENSSL\CONFIG" /I"C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\NODE-GYP\CACHE\18.17.0\DEPS\OPENSSL\OPENSSL\INCLUDE" /I"C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\NODE-GYP\CACHE\18.17.0\DEPS\UV\INCLUDE" /I"C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\NODE-GYP\CACHE\18.17.0\DEPS\ZLIB" /I"C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\NODE-GYP\CACHE\18.17.0\DEPS\V8\INCLUDE" /I"..\NODE_MODULES\NODE-ADDON-API" /Z7 /nologo /W3 /WX- /diagnostics:column /Ox /Ob2 /Oi /Ot /Oy /GL /D NODE_GYP_MODULE_NAME=registry /D USING_UV_SHARED=1 /D USING_V8_SHARED=1 /D V8_DEPRECATION_WARNINGS=1 /D V8_DEPRECATION_WARNINGS /D V8_IMMINENT_DEPRECATION_WARNINGS /D _GLIBCXX_USE_CXX11_ABI=1 /D WIN32 /D _CRT_SECURE_NO_DEPRECATE /D _CRT_NONSTDC_NO_DEPRECATE /D _HAS_EXCEPTIONS=0 /D OPENSSL_NO_PINSHARED /D OPENSSL_THREADS /D NAPI_VERSION=9 /D BUILDING_NODE_EXTENSION /D "HOST_BINARY=\"node.exe\"" /D _WINDLL /GF /Gm- /EHsc /MT /GS /Gy /fp:precise /Zc:wchar_t /Zc:forScope /Zc:inline /GR- /Fo"RELEASE\OBJ\REGISTRY\\" /Fd"RELEASE\OBJ\REGISTRY\VC143.PDB" /external:W3 /Gd /TP /wd4351 /wd4355 /wd4800 /wd4251 /wd4275 /wd4244 /wd4267 /wd4530 /wd4506 /FC /Zc:__cplusplus -std:c++17 C:\USERS\ADMINISTRATOR\DESKTOP\LEET STEALER\API\CRYPTER\SCRIPT\NODE_MODULES\NODE-GYP\SRC\WIN_DELAY_LOAD_HOOK.CC source: Kameta Setup 1.0.0.exe, 00000000.00000003.1748125825.00000000059F2000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\PROGRAM FILES\MICROSOFT VISUAL STUDIO\2022\PROFESSIONAL\VC\TOOLS\MSVC\14.42.34433\LIB\X64\LIBCPMT.AMD64.PDB source: Kameta Setup 1.0.0.exe, 00000000.00000003.1748125825.00000000059F2000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: # See comment at cc_command for why there's two .pdb files. source: Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: C:\projects\src\out\Default\vulkan-1.dll.pdb source: Kameta Setup 1.0.0.exe, 00000000.00000003.1819905505.0000000005C30000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1816480721.0000000004C60000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1816700083.00000000054F0000.00000004.00001000.00020000.00000000.sdmp

Data Obfuscation

Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: ffmpeg.dll.0.drStatic PE information: section name: .00cfg
Source: ffmpeg.dll.0.drStatic PE information: section name: .gxfg
Source: ffmpeg.dll.0.drStatic PE information: section name: .retplne
Source: ffmpeg.dll.0.drStatic PE information: section name: .voltbl
Source: ffmpeg.dll.0.drStatic PE information: section name: _RDATA
Source: KametaSetup.exe.0.drStatic PE information: section name: .00cfg
Source: KametaSetup.exe.0.drStatic PE information: section name: .gxfg
Source: KametaSetup.exe.0.drStatic PE information: section name: .retplne
Source: KametaSetup.exe.0.drStatic PE information: section name: .rodata
Source: KametaSetup.exe.0.drStatic PE information: section name: .voltbl
Source: KametaSetup.exe.0.drStatic PE information: section name: CPADinfo
Source: KametaSetup.exe.0.drStatic PE information: section name: LZMADEC
Source: KametaSetup.exe.0.drStatic PE information: section name: _RDATA
Source: KametaSetup.exe.0.drStatic PE information: section name: malloc_h
Source: libEGL.dll.0.drStatic PE information: section name: .00cfg
Source: libEGL.dll.0.drStatic PE information: section name: .gxfg
Source: libEGL.dll.0.drStatic PE information: section name: .retplne
Source: libEGL.dll.0.drStatic PE information: section name: .voltbl
Source: libEGL.dll.0.drStatic PE information: section name: _RDATA
Source: libGLESv2.dll.0.drStatic PE information: section name: .00cfg
Source: libGLESv2.dll.0.drStatic PE information: section name: .gxfg
Source: libGLESv2.dll.0.drStatic PE information: section name: .retplne
Source: libGLESv2.dll.0.drStatic PE information: section name: .voltbl
Source: libGLESv2.dll.0.drStatic PE information: section name: _RDATA
Source: vk_swiftshader.dll.0.drStatic PE information: section name: .00cfg
Source: vk_swiftshader.dll.0.drStatic PE information: section name: .gxfg
Source: vk_swiftshader.dll.0.drStatic PE information: section name: .retplne
Source: vk_swiftshader.dll.0.drStatic PE information: section name: .voltbl
Source: vk_swiftshader.dll.0.drStatic PE information: section name: _RDATA
Source: vulkan-1.dll.0.drStatic PE information: section name: .00cfg
Source: vulkan-1.dll.0.drStatic PE information: section name: .gxfg
Source: vulkan-1.dll.0.drStatic PE information: section name: .retplne
Source: vulkan-1.dll.0.drStatic PE information: section name: .voltbl
Source: vulkan-1.dll.0.drStatic PE information: section name: _RDATA
Source: ffmpeg.dll0.0.drStatic PE information: section name: .00cfg
Source: ffmpeg.dll0.0.drStatic PE information: section name: .gxfg
Source: ffmpeg.dll0.0.drStatic PE information: section name: .retplne
Source: ffmpeg.dll0.0.drStatic PE information: section name: .voltbl
Source: ffmpeg.dll0.0.drStatic PE information: section name: _RDATA
Source: KametaSetup.exe0.0.drStatic PE information: section name: .00cfg
Source: KametaSetup.exe0.0.drStatic PE information: section name: .gxfg
Source: KametaSetup.exe0.0.drStatic PE information: section name: .retplne
Source: KametaSetup.exe0.0.drStatic PE information: section name: .rodata
Source: KametaSetup.exe0.0.drStatic PE information: section name: .voltbl
Source: KametaSetup.exe0.0.drStatic PE information: section name: CPADinfo
Source: KametaSetup.exe0.0.drStatic PE information: section name: LZMADEC
Source: KametaSetup.exe0.0.drStatic PE information: section name: _RDATA
Source: KametaSetup.exe0.0.drStatic PE information: section name: malloc_h
Source: b392957b-4ff5-4378-8506-05f7ec588e9f.tmp.node.6.drStatic PE information: section name: _RDATA
Source: 4a9c2010-35c8-4393-942c-15e481873128.tmp.node.6.drStatic PE information: section name: .didat
Source: 4a9c2010-35c8-4393-942c-15e481873128.tmp.node.6.drStatic PE information: section name: .00cfg
Source: 4a9c2010-35c8-4393-942c-15e481873128.tmp.node.6.drStatic PE information: section name: _RDATA
Source: 7aaf3dde-09fa-49d0-88e8-53e6e9603ea9.tmp.node.6.drStatic PE information: section name: _RDATA
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\7z-out\libEGL.dll
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\7z-out\resources\elevate.exe
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\StdUtils.dll
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\7z-out\ffmpeg.dll
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Programs\unrealgame\ffmpeg.dll
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\7z-out\d3dcompiler_47.dll
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\nsis7z.dll
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Programs\unrealgame\d3dcompiler_47.dll
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\nsExec.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeFile created: C:\Users\user\AppData\Local\Temp\d343d789-d963-4936-b357-2cb8e482c52e.tmp.node
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\7z-out\vk_swiftshader.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeFile created: C:\Users\user\AppData\Local\Temp\b392957b-4ff5-4378-8506-05f7ec588e9f.tmp.node
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\SpiderBanner.dll
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\7z-out\vulkan-1.dll
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\System.dll
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\7z-out\libGLESv2.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeFile created: C:\Users\user\AppData\Local\Temp\4a9c2010-35c8-4393-942c-15e481873128.tmp.node
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeFile created: C:\Users\user\AppData\Local\Temp\7aaf3dde-09fa-49d0-88e8-53e6e9603ea9.tmp.node
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\7z-out\KametaSetup.exe
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\7z-out\LICENSE.electron.txt
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeFile created: C:\Users\user\AppData\Local\Programs\unrealgame\LICENSE.electron.txt
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KametaSetup.lnk
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\tasklist.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Windows\System32\conhost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Windows\System32\wbem\WMIC.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Windows\System32\find.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Windows\System32\Conhost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3123
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2798
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3271
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 825
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2212
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1490
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3194
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\7z-out\libEGL.dll
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\7z-out\resources\elevate.exe
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\StdUtils.dll
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\7z-out\d3dcompiler_47.dll
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\unrealgame\d3dcompiler_47.dll
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\nsis7z.dll
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\nsExec.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\d343d789-d963-4936-b357-2cb8e482c52e.tmp.node
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\b392957b-4ff5-4378-8506-05f7ec588e9f.tmp.node
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\7z-out\vk_swiftshader.dll
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\SpiderBanner.dll
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\7z-out\vulkan-1.dll
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\System.dll
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\7z-out\libGLESv2.dll
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\4a9c2010-35c8-4393-942c-15e481873128.tmp.node
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\7aaf3dde-09fa-49d0-88e8-53e6e9603ea9.tmp.node
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8908Thread sleep count: 3123 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8912Thread sleep count: 2798 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8940Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8880Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7812Thread sleep count: 3271 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3796Thread sleep count: 825 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8164Thread sleep time: -2767011611056431s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1144Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8612Thread sleep count: 2212 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8652Thread sleep count: 1490 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3620Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8188Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7536Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8964Thread sleep count: 3194 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8760Thread sleep count: 221 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7176Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 9008Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeKey opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809
Source: C:\Windows\System32\wbem\WMIC.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SMBIOSBIOSVersion FROM Win32_BIOS
Source: C:\Windows\System32\conhost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SMBIOSBIOSVersion FROM Win32_BIOS
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SMBIOSBIOSVersion FROM Win32_BIOS
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SMBIOSBIOSVersion FROM Win32_BIOS
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SMBIOSBIOSVersion FROM Win32_BIOS
Source: C:\Windows\System32\Conhost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SMBIOSBIOSVersion FROM Win32_BIOS
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeCode function: 0_2_004059CC GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_004059CC
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeCode function: 0_2_004065FD FindFirstFileW,FindClose,0_2_004065FD
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeCode function: 0_2_00402868 FindFirstFileW,0_2_00402868
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeFile opened: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeFile opened: C:\Users\user
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeFile opened: C:\Users\user\AppData
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeFile opened: C:\Users\user\AppData\Local
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeFile opened: C:\Users\user\AppData\Local\Programs\unrealgame
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeFile opened: C:\Users\user\AppData\Local\Programs
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: VMware
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1748125825.00000000059F2000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: ADD tools/docker/architecture/linux-arm64/local/qemu-aarch64-static /usr/bin/qemu-aarch64-static
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1874941285.0000000002B47000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: en_NECVMWar&Prod_VMware_T
Source: Kameta Setup 1.0.0.exe, 00000000.00000002.1923696792.0000000000618000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1748125825.00000000059F2000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: cp -a "/usr/bin/qemu-${arch}-static" "${this_dir}/local"
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: IIAMDARMAppleBroadcomGoogleIntelMesaMicrosoftNVIDIAImagination TechnologiesQualcommSamsung Electronics Co., Ltd.VivanteVMwareTestX
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1823957007.0000000004F24000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vmncVMware Screen Codec / VMware Videovp5On2 VP5vp6On2 VP6vp6fOn2 VP6 (Flash version)targaTruevision Targa imageimage/x-targaimage/x-tga
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: (IsLinux() && isVMWare) || (IsAndroid() && isNvidia) || (IsAndroid() && GetAndroidSdkLevel() < 27 && IsAdreno5xxOrOlder(functions)) || (IsAndroid() && IsMaliT8xxOrOlder(functions)) || (IsAndroid() && IsMaliG31OrOlder(functions))
Source: Kameta Setup 1.0.0.exe, 00000000.00000003.1823957007.0000000004F24000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware Screen Codec / VMware Video
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeAPI call chain: ExitProcess graph end nodegraph_0-3407
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeProcess information queried: ProcessInformation
Source: C:\Windows\SysWOW64\tasklist.exeProcess token adjusted: Debug

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM vivaldi.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM orbitum.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM sputnik.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM firefox.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM centbrowser.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM kometa.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM epicprivacybrowser.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM msedge.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM firefox.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM kometa.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM orbitum.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM centbrowser.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM sputnik.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM vivaldi.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM epicprivacybrowser.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM yandex.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM iridium.exe /F
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq KametaSetup.exe" | %SYSTEMROOT%\System32\find.exe "KametaSetup.exe"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\tasklist.exe tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq KametaSetup.exe"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\find.exe C:\Windows\System32\find.exe "KametaSetup.exe"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM brave.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM firefox.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM opera.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM kometa.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM orbitum.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM centbrowser.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM 7star.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM sputnik.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vivaldi.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM epicprivacybrowser.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM uran.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM yandex.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM iridium.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe "C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 --field-trial-handle=2188,i,5456543408629399747,16697329975367127579,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq msedge.exe""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq chrome.exe""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq firefox.exe""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe "C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --mojo-platform-channel-handle=1208 --field-trial-handle=2188,i,5456543408629399747,16697329975367127579,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM brave.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM firefox.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM opera.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM kometa.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM orbitum.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM centbrowser.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM 7star.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM sputnik.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM epicprivacybrowser.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM uran.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM yandex.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM firefox.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM orbitum.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM centbrowser.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:/Program Files (x86)/Microsoft/Edge/Application/msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq firefox.exe"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM centbrowser.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM iridium.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM epicprivacybrowser.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM vivaldi.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM 7star.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM orbitum.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM sputnik.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq chrome.exe""
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM epicprivacybrowser.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM firefox.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq firefox.exe"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic bios get smbiosbiosversion
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM vivaldi.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic bios get smbiosbiosversion
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic MemoryChip get /format:list
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM centbrowser.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM kometa.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM iridium.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM kometa.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM brave.exe /F"
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM epicprivacybrowser.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\dllhost.exe C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic bios get smbiosbiosversion
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM msedge.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM firefox.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM kometa.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM orbitum.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM centbrowser.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM sputnik.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM vivaldi.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM epicprivacybrowser.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM yandex.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM iridium.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq msedge.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq chrome.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq firefox.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq iexplore.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq iexplore.exe"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic MemoryChip get /format:list
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\find.exe find /i "Speed"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic bios get smbiosbiosversion
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic MemoryChip get /format:list
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\find.exe find /i "Speed"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM msedge.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM firefox.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM kometa.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM orbitum.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM centbrowser.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM 7star.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM sputnik.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM vivaldi.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM epicprivacybrowser.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM yandex.exe /F
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /IM iridium.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq msedge.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq iexplore.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq iexplore.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq firefox.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq chrome.exe"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic bios get smbiosbiosversion
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic MemoryChip get /format:list
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /i "Speed"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Source: C:\Windows\System32\cmd.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM brave.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM uran.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM vivaldi.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM orbitum.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM opera.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM chrome.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM sputnik.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM firefox.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM vivaldi.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM centbrowser.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM kometa.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /IM epicprivacybrowser.exe /F
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe "c:\users\user\appdata\local\programs\unrealgame\kametasetup.exe" --type=gpu-process --user-data-dir="c:\users\user\appdata\roaming\unrealgame" --gpu-preferences=uaaaaaaaaadgaaayaaaaaaaaaaaaaaaaaabgaaaaaaawaaaaaaaaaaaaaaaqaaaaaaaaaaaaaaaaaaaaaaaaaegaaaaaaaaasaaaaaaaaaayaaaaagaaabaaaaaaaaaagaaaaaaaaaaqaaaaaaaaaaaaaaaoaaaaeaaaaaaaaaabaaaadgaaaagaaaaaaaaacaaaaaaaaaa= --mojo-platform-channel-handle=2072 --field-trial-handle=2188,i,5456543408629399747,16697329975367127579,131072 --disable-features=sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand /prefetch:2
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeProcess created: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe "c:\users\user\appdata\local\programs\unrealgame\kametasetup.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --user-data-dir="c:\users\user\appdata\roaming\unrealgame" --mojo-platform-channel-handle=1208 --field-trial-handle=2188,i,5456543408629399747,16697329975367127579,131072 --disable-features=sparerendererforsiteperprocess,winretrievesuggestionsonlyondemand /prefetch:8
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\xvqbjcbdhoq4 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\xvqbjcbdhoq4\Autofill VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\xvqbjcbdhoq4\Passwords VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\xvqbjcbdhoq4\Autofill VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\xvqbjcbdhoq4\Cookies VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\xvqbjcbdhoq4 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\xvqbjcbdhoq4 VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\xvqbjcbdhoq4\Autofill VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\xvqbjcbdhoq4\Cookies VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Program Files\Google\Chrome\Application\chrome.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\AutofillStates VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\CertificateRevocation VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Crowd Deny VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\FileTypePolicies VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\First Run VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\first_party_sets.db VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\first_party_sets.db-journal VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\GrShaderCache VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\hyphen-data VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\OptimizationGuidePredictionModels VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\OptimizationHints VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\OriginTrials VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\PKIMetadata VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\pnacl VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Safe Browsing VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\CertificateRevocation VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\CrashpadMetrics-active.pma VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\First Run VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\FirstLaunchAfterInstallation VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\GrShaderCache VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\OriginTrials VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\RecoveryImproved VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Safe Browsing VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\chrome_default_Cookies.txt VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\Downloads VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\Desktop VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\all-files-Cy9pRN VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\all-files-Cy9pRN VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\all-files-Cy9pRN VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\all-files.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\acrobat_sbx VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\acrobat_sbx\Adobe\Acrobat VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\acrobat_sbx\Adobe\Acrobat\DC VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2023-10-04 13-00-50-743.log VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2023-10-04 13-01-22-078.log VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat\DC\SearchEmbdIndex VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Chromium_Cookies.zip VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Diagnostics VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\App1696334775820156800_6EB929AF-656E-4F43-9731-EA7753E1F1BD.log VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\App1696334775820156800_6EB929AF-656E-4F43-9731-EA7753E1F1BD.log VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\App1696334923056622400_BD966DD2-7850-423A-B1D8-7882CE1A6D15.log VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\App1696417118050662300_8475A8C9-2447-4BC4-8E46-350AA0582B94.log VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\App1696417118050662300_8475A8C9-2447-4BC4-8E46-350AA0582B94.log VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\App_1696413198165042300_AA3FCB9C-CF1A-4407-8A94-A7D6C220021F.log VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Diagnostics\EXCEL\App_1696413198165042300_AA3FCB9C-CF1A-4407-8A94-A7D6C220021F.log VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\edge_default_Cookies.txt VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\edge_default_Cookies.txt VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Low VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Symbols\pingme.txt VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Symbols\pingme.txt VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\symsrv.dll VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\symsrv.dll VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp3ED4.tmp VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\tmp3ED4.tmp VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\wct150C.tmp VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\wct150C.tmp VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\wct33D7.tmp VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Users\user\AppData\Local\Temp\wct3D66.tmp VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\Kameta Setup 1.0.0.exe | Code function: 0_2_0040338F EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,ExitProcess,CoUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
Source: C:\Program Files\Windows Defender\MpCmdRun.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
Source: C:\Windows\System32\wbem\WMIC.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct

Stealing of Sensitive Information

Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default

Remote Access Functionality

Source: C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000

  • Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS
  • Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services
  • Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services
  • Execution: 221 Windows Management Instrumentation; 1 Command and Scripting Interpreter; 1 PowerShell; Cron; Launchd; Scheduled Task; Systemd Timers
  • Persistence: 1 DLL Side-Loading; 1 Windows Service; 1 Registry Run Keys / Startup Folder; Login Hook; Network Logon Script; RC Scripts; Startup Items
  • Privilege Escalation: 1 DLL Side-Loading; 1 Extra Window Memory Injection; 1 Access Token Manipulation; 1 Windows Service; 11 Process Injection; 1 Registry Run Keys / Startup Folder; Startup Items
  • Defense Evasion: 11 Disable or Modify Tools; 1 DLL Side-Loading; 1 Extra Window Memory Injection; 11 Masquerading; 121 Virtualization/Sandbox Evasion; 1 Access Token Manipulation; 11 Process Injection
  • Credential Access: 1 OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync
  • Discovery: 3 File and Directory Discovery; 35 System Information Discovery; 211 Security Software Discovery; 2 Process Discovery; 121 Virtualization/Sandbox Evasion; 1 Application Window Discovery; 1 Remote System Discovery
  • Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management
  • Collection: 1 Archive Collected Data; 1 Data from Local System; 1 Clipboard Data; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture
  • Command and Control: 11 Encrypted Channel; 1 Remote Access Software; 2 Non-Application Layer Protocol; 3 Application Layer Protocol; Fallback Channels; Multiband Communication; Commonly Used Port
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel
  • Impact: 1 System Shutdown/Reboot; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery
[Behavior graph. ID: 1568018; Sample: Kameta Setup 1.0.0.exe; Startdate: 04/12/2024; Architecture: WINDOWS; Score: 88]

Source | Detection | Scanner | Label | Link
Kameta Setup 1.0.0.exe | 7% | Virustotal | | Browse

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe | 1% | Virustotal | | Browse
C:\Users\user\AppData\Local\Programs\unrealgame\d3dcompiler_47.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Programs\unrealgame\d3dcompiler_47.dll | 0% | Virustotal | | Browse
C:\Users\user\AppData\Local\Programs\unrealgame\ffmpeg.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Programs\unrealgame\ffmpeg.dll | 0% | Virustotal | | Browse
C:\Users\user\AppData\Local\Temp\4a9c2010-35c8-4393-942c-15e481873128.tmp.node | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\4a9c2010-35c8-4393-942c-15e481873128.tmp.node | 0% | Virustotal | | Browse
C:\Users\user\AppData\Local\Temp\7aaf3dde-09fa-49d0-88e8-53e6e9603ea9.tmp.node | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\b392957b-4ff5-4378-8506-05f7ec588e9f.tmp.node | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\d343d789-d963-4936-b357-2cb8e482c52e.tmp.node | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\7z-out\KametaSetup.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\7z-out\d3dcompiler_47.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\7z-out\ffmpeg.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\7z-out\libEGL.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\7z-out\libGLESv2.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\7z-out\resources\elevate.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\7z-out\vk_swiftshader.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\7z-out\vulkan-1.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\SpiderBanner.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\StdUtils.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\System.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\nsExec.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\nsis7z.dll | 0% | ReversingLabs | |
No Antivirus matches
No Antivirus matches
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
file.io | 143.244.215.221 | true | false | | high
chrome.cloudflare-dns.com | 172.64.41.3 | true | false | | high
www.google.com | 172.217.21.36 | true | false | | high
api.gofile.io | 45.112.123.126 | true | false | | high
ntp.msn.com | unknown | unknown | false | | high
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                    https://issuetracker.google.com/161903006Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                      https://nodei.co/npm/require-directory/)Kameta Setup 1.0.0.exe, 00000000.00000003.1748125825.00000000059F2000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                        http://127.0.0.1Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                          https://crbug.com/1300575Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                            https://github.com/nodejs/node/pull/33661Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                              https://github.com/mathiasbynens/punycode.js.gitKameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                https://crbug.com/710443Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                  http://narwhaljs.org)Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                    https://code.google.com/p/gyp/issues/detail?id=411Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                      https://github.com/nodejs/readable-streamKameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                        https://github.com/WICG/scheduling-apisKameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                          https://crbug.com/1060012Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                            http://localhosthttp://127.0.0.1object-srcKameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                              https://code.google.com/p/chromium/issues/detail?id=25916Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                https://github.com/ljharb/qs.gitKameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                  http://www.opensource.org/licenses/mit-license.php)Kameta Setup 1.0.0.exe, 00000000.00000003.1748125825.00000000059F2000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                    https://github.com/isaacs/path-scurryKameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                      http://anglebug.com/3997Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                        http://anglebug.com/4722Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                          http://crbug.com/642605Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                            https://twitter.com/intent/user?screen_name=troygoode)Kameta Setup 1.0.0.exe, 00000000.00000003.1748125825.00000000059F2000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                              http://crbug.com/333738.Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                https://fetch.spec.whatwg.org/#fetch-timing-infoKameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                  http://anglebug.com/1452Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                    https://webassembly.github.io/spec/web-apiKameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                      https://github.com/nodejs/node/pull/12607Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                        https://www.ecma-international.org/ecma-262/#sec-line-terminatorsKameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                          https://www.unicode.org/Public/UNIDATA/EastAsianWidth.txtKameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                            https://github.com/joyeecheung/node-dep-codemod#dep005)Kameta Setup 1.0.0.exe, 00000000.00000003.1748125825.00000000059F2000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                              https://github.com/nodejs/node-gyp/issuesKameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                https://crbug.com/650547callClearTwiceUsingKameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                  https://blueoakcouncil.org/license/1.0.0Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                    http://anglebug.com/3502Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                      http://anglebug.com/3623Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                        http://anglebug.com/3625Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                          http://anglebug.com/3624Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                            http://www.unicode.org/copyright.htmlKameta Setup 1.0.0.exe, 00000000.00000003.1732210928.0000000005E30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                              https://github.com/npm/npm-normalize-package-binKameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                http://anglebug.com/2894Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                  http://anglebug.com/3862Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                    http://crbug.com/241769Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                      https://nodejs.org/api/util.html#utilinspectobject-optionsKameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                        http://anglebug.com/4836Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                          https://issuetracker.google.com/issues/166475273Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                            https://heycam.github.io/webidl/#es-iterable-entriesKameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                              https://heycam.github.io/webidl/#es-interfacesKameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                https://github.com/mapnik/node-mapnik/issues/262Kameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                  https://html.spec.whatwg.org/multipage/browsers.html#concept-origin-opaqueKameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                    https://github.com/nodejs/node/issuesKameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                      https://encoding.spec.whatwg.org/#encode-and-enqueue-a-chunkKameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                        https://tc39.github.io/ecma262/#sec-object.prototype.tostringKameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                          https://url.spec.whatwg.org/#urlsearchparamsKameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                            https://github.com/sponsors/isaacsKameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1748125825.00000000059F2000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1748395496.0000000006840000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1748589484.0000000006C40000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                              https://infra.spec.whatwg.org/#ascii-whitespaceKameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                http://anglebug.com/3970Kameta Setup 1.0.0.exe, 00000000.00000003.1820252389.0000000006980000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  https://github.com/desktop/registry-js.gitKameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    https://heycam.github.io/webidl/#ReplaceableKameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      https://github.com/mikeal/oauth-signKameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        https://streams.spec.whatwg.org/#example-manual-write-with-backpressureKameta Setup 1.0.0.exe, 00000000.00000003.1747865157.0000000005130000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          https://github.com/nodejs/node/pull/30380#issuecomment-552948364Kameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            https://html.spec.whatwg.org/multipage/timers-and-user-prompts.html#dom-setintervalKameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              https://github.com/sponsors/ferossKameta Setup 1.0.0.exe, 00000000.00000003.1748125825.00000000059F2000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1748395496.0000000006840000.00000004.00001000.00020000.00000000.sdmp, Kameta Setup 1.0.0.exe, 00000000.00000003.1748589484.0000000006C40000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                https://heycam.github.io/webidl/#dfn-class-stringKameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  https://heycam.github.io/webidl/#dfn-iterator-prototype-objectKameta Setup 1.0.0.exe, 00000000.00000003.1820773785.00000000074A8000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    • No. of IPs < 25%
                                                                                                                                                                                                                    • 25% < No. of IPs < 50%
                                                                                                                                                                                                                    • 50% < No. of IPs < 75%
                                                                                                                                                                                                                    • 75% < No. of IPs
IP               Domain                     Country        ASN      ASN Name         Malicious
143.244.215.221  file.io                    United States  174      COGENT-174US     false
239.255.255.250  unknown                    Reserved       unknown  unknown          false
45.112.123.126   api.gofile.io              Singapore      16509    AMAZON-02US      false
172.217.21.36    www.google.com             United States  15169    GOOGLEUS         false
38.172.200.46    unknown                    United States  174      COGENT-174US     false
172.64.41.3      chrome.cloudflare-dns.com  United States  13335    CLOUDFLARENETUS  false
                                                                                                                                                                                                                    IP
                                                                                                                                                                                                                    127.0.0.1
                                                                                                                                                                                                                    Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                                    Analysis ID:1568018
                                                                                                                                                                                                                    Start date and time:2024-12-04 06:31:12 +01:00
                                                                                                                                                                                                                    Joe Sandbox product:CloudBasic
                                                                                                                                                                                                                    Overall analysis duration:0h 13m 24s
                                                                                                                                                                                                                    Hypervisor based Inspection enabled:false
                                                                                                                                                                                                                    Report type:full
                                                                                                                                                                                                                    Cookbook file name:default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes: 324
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Kameta Setup 1.0.0.exe
Detection: MAL
Classification: mal88.troj.spyw.evad.winEXE@722/218@8/7
                                                                                                                                                                                                                    EGA Information:
                                                                                                                                                                                                                    • Successful, ratio: 100%
                                                                                                                                                                                                                    HCA Information:
                                                                                                                                                                                                                    • Successful, ratio: 100%
                                                                                                                                                                                                                    • Number of executed functions: 41
                                                                                                                                                                                                                    • Number of non-executed functions: 25
                                                                                                                                                                                                                    Cookbook Comments:
                                                                                                                                                                                                                    • Found application associated with file extension: .exe
                                                                                                                                                                                                                    • Exclude process from analysis (whitelisted): Conhost.exe, dllhost.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
                                                                                                                                                                                                                    • Excluded IPs from analysis (whitelisted): 172.217.19.227, 172.217.17.46, 64.233.165.84, 13.107.42.16, 204.79.197.203, 204.79.197.239, 13.107.21.239, 172.217.19.238, 13.107.6.158, 13.87.96.169, 172.217.165.131
                                                                                                                                                                                                                    • Excluded domains from analysis (whitelisted): nav-edge.smartscreen.microsoft.com, config.edge.skype.com.trafficmanager.net, slscr.update.microsoft.com, clientservices.googleapis.com, clients2.google.com, ocsp.digicert.com, login.live.com, config-edge-skype.l-0007.l-msedge.net, www.gstatic.com, l-0007.l-msedge.net, config.edge.skype.com, edge-microsoft-com.dual-a-0036.a-msedge.net, fs.microsoft.com, accounts.google.com, prod-agic-us-1.uksouth.cloudapp.azure.com, otelrules.azureedge.net, a-0003.a-msedge.net, ctldl.windowsupdate.com, www-msn-com.a-0003.a-msedge.net, b-0005.b-msedge.net, prod-atm-wds-edge.trafficmanager.net, edge.microsoft.com, business-bing-com.b-0005.b-msedge.net, fe3cr.delivery.mp.microsoft.com, l-0007.config.skype.com, business.bing.com, clients.l.google.com, dual-a-0036.a-msedge.net
• Not all processes were analyzed; report is missing behavior information
                                                                                                                                                                                                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                                    • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                                                                                    • Report size getting too big, too many NtCreateNamedPipeFile calls found.
                                                                                                                                                                                                                    • Report size getting too big, too many NtOpenKey calls found.
                                                                                                                                                                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                    • Report size getting too big, too many NtReadFile calls found.
                                                                                                                                                                                                                    • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                                                                    • Report size getting too big, too many NtWriteVirtualMemory calls found.
Time | Type | Description
00:32:14 | API Interceptor | 11x Sleep call for process: Kameta Setup 1.0.0.exe modified
00:32:26 | API Interceptor | 1x Sleep call for process: MpCmdRun.exe modified
00:32:29 | API Interceptor | 12x Sleep call for process: WMIC.exe modified
00:32:36 | API Interceptor | 20x Sleep call for process: powershell.exe modified
00:32:48 | API Interceptor | 1x Sleep call for process: dllhost.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                                                    LKxcbzlwkz.exeGet hashmaliciousAveMaria, KeyLogger, StealeriumBrowse
                                                                                                                                                                                                                                                                    • 45.112.123.126
                                                                                                                                                                                                                                                                    t1gY0BGmOZ.jarGet hashmaliciousCan StealerBrowse
                                                                                                                                                                                                                                                                    • 45.112.123.126
                                                                                                                                                                                                                                                                    t1gY0BGmOZ.jarGet hashmaliciousCan StealerBrowse
                                                                                                                                                                                                                                                                    • 45.112.123.126
No context
No context
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):8307
Entropy (8bit):5.793720174092154
Encrypted:false
SSDEEP:192:fsNAm0sbVeiRUDFQekakT6qRAq1k8SPxVLZ7VTiQ:fsNAZsBEataw6q3QxVNZTiQ
MD5:FD66EB2BFD96B03E5D097CAA045B356E
SHA1:6B84DE85A2C3563268000792D05C0E866BA29214
SHA-256:9220A4A3951C4350132BE56D84F5536813E2E74AD4DC0420337182ADEF900EE1
SHA-512:27B26C80E003DB2B3A2D4BF6991E6BA1DEA699752FD6DD7D387CFE6736E017AEA4AB0C5237FD527F50FD797E1115E0872A2B3475D219B620A69847633EEB4219
Malicious:false
Reputation:unknown
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):8389
Entropy (8bit):5.787675957011341
Encrypted:false
SSDEEP:192:fsNwm0sbVeiRUWFQekakT6qRAq1k8SPxVLZ7VTiQ:fsNwZsBLataw6q3QxVNZTiQ
MD5:CAD5B74165A38F9FB0C6DE726872AE89
SHA1:631C4B9632272A1E8FC5880FF7A2F72374B4ADC0
SHA-256:88AF1C48192BA0965095FBD41A41F58543F72AE536DD221AD1722287198F1166
SHA-512:3BB6ADD6ACA02242D7A7B7DD533D65C2F17C292F42669532B6FA85B16EFE00F765BB4F76C0000CB13272EB28DD878AFA22B8541D975A29E52BBCA6DC6622CF87
Malicious:false
Reputation:unknown
Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
File Type:JSON data
Category:dropped
Size (bytes):6820
Entropy (8bit):5.794003621625986
Encrypted:false
SSDEEP:192:akm0sbLeiRUJh16qRAq1k8SPxVLZ7VTiq:akZs7c16q3QxVNZTiq
MD5:279D717037CE121916CB6ED78613BA9F
SHA1:21E84B21D7BED02559A57315C92957FBAF3DE9CE
SHA-256:2534CA244AE77F5ECA9AB4B0FF4C47DFB1CFE4FC3DBBE18E070EE591BCF49175
SHA-512:D3BC6A1B25171C8459B6C70594E86509D4E29CC323117784B1A4C94698F868CDA4DD3AB846CF361D3877ABA5EF1496D698E6DFD4D3C5051D486573830F6B5C9F
Malicious:false
Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):4194304
                                                                                                                                                                                                                                                                    Entropy (8bit):0.24409624828003282
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:1536:tyPJI6oLgkgRGNRGFEYsvXteikWFWhOoZKbz/Wj:tyRIjLgkgRGS6YsvXtenWgZKbz/Wj
                                                                                                                                                                                                                                                                    MD5:26289C57B1071FF5A342DCC76EA1D8D0
                                                                                                                                                                                                                                                                    SHA1:C86320B3CE03FE33D5A0164EDC2CAF0546CCFAD2
                                                                                                                                                                                                                                                                    SHA-256:DC6F14440CF27109B7034B4ACEE81F7FE0435E3F80849C33C80B26B5E08EE74D
                                                                                                                                                                                                                                                                    SHA-512:C53FD4C0EBF5DA539632A69354A7883C2D4FFB47AFF7082F35C381285E4D11E18E3810BC00F6A8FB7BD5803AF73B97814C93FF387CCDA6C549044AF12EAEEFA0
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:...@..@...@.....C.].....@................T...T..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30....y.........117.0.2045.47-64..".en-GB*...Windows NT..10.0.190452l..x86_64..?.......".xkrfjf20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@............./........................<.w..U'D.I..G...W6.....>.........."....."...2...".*.:............B)..1.3.147.37.. .*.RegKeyNotFound2.windowsR...Z.....K7..E@..$...SF@.......Y@.......Y@.......Y@........?........?.................?.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@................Y@.......Y@.......Y@........?........?z............<..8...#...msNurturingAssistanceHomeDependency.....trig
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):280
                                                                                                                                                                                                                                                                    Entropy (8bit):1.7848956527006603
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:FiWWltl/9U1i2RRIxINXj1C:o1/R2Yq2
                                                                                                                                                                                                                                                                    MD5:C48FB0C839F52094E5B7ED752859BB4F
                                                                                                                                                                                                                                                                    SHA1:D7863FA68E45C3432E10236A977708A44E300FAB
                                                                                                                                                                                                                                                                    SHA-256:EFFCFFAA8C3AE23BC6BBBF20BEFC538BCE1C6641096837F63E94124D5794FB1B
                                                                                                                                                                                                                                                                    SHA-512:16AB8BA83EF97293FA75C34EC1C40CB53408159B201A57B2FA2185EE66B21F9708CFA289B9CF3413253BAB4AE7E9700C3469CDCBA03672992077BA8BB22EF641
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:sdPC......................5.y&.K.?....................................................................................................................................................................................................48ea0ba2-e9bb-4568-92cb-0f42a5c5d505............
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:very short file (no magic)
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):1
                                                                                                                                                                                                                                                                    Entropy (8bit):0.0
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:L:L
                                                                                                                                                                                                                                                                    MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                    SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                    SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                    SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:.
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                                                                                    Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:MsFl:/F
                                                                                                                                                                                                                                                                    MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                                                                                    SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                                                                                    SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                                                                                    SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):270336
                                                                                                                                                                                                                                                                    Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                                                                                                                                    MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                                                                                                                    SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                                                                                                                    SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                                                                                                                    SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                                                                                    Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:MsHlDll:/H
                                                                                                                                                                                                                                                                    MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                                                                                    SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                                                                                    SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                                                                                    SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                                                                                    Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                                                                                                                    MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                                                                                    SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                                                                                    SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                                                                                    SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):262512
                                                                                                                                                                                                                                                                    Entropy (8bit):9.47693366977411E-4
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:LsNlHZ/l:Ls35/l
                                                                                                                                                                                                                                                                    MD5:1B60B7BDC9807EE62E7795A49FC5C9D0
                                                                                                                                                                                                                                                                    SHA1:CAFFC489E99DBDA3581967A79FD9CF0E07FA2101
                                                                                                                                                                                                                                                                    SHA-256:1362DF5374FF3CEC8A8A95C1F4B265C7E95CF8F8C762BBE4B2E9A1B9C27E8CCF
                                                                                                                                                                                                                                                                    SHA-512:69FDCF3C55C27C6FD9371C27C7B20AAD78BB4D92842E4F76512C76720BCCC89C8EB7E9783BA57245D0DA78C5327444F417512F78C984F8F6ADE2E123A04D09FA
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):33
                                                                                                                                                                                                                                                                    Entropy (8bit):3.5394429593752084
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:iWstvhYNrkUn:iptAd
                                                                                                                                                                                                                                                                    MD5:F27314DD366903BBC6141EAE524B0FDE
                                                                                                                                                                                                                                                                    SHA1:4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
                                                                                                                                                                                                                                                                    SHA-256:68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
                                                                                                                                                                                                                                                                    SHA-512:07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:...m.................DB_VERSION.1
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):305
                                                                                                                                                                                                                                                                    Entropy (8bit):5.162426824766622
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:6:j/ORM1wkn23oH+TcwtnG2tbB2KLlJ/nBvq2Pwkn23oH+TcwtnG2tMsIFUv:7ORrfYebn9VFLjBvvYfYebn9GFUv
                                                                                                                                                                                                                                                                    MD5:B49010E3DA7E65F24D26E109E4C99B36
                                                                                                                                                                                                                                                                    SHA1:0F0246E6AAF6C82EBFAEC1B41BF1E65379E70CA5
                                                                                                                                                                                                                                                                    SHA-256:DAF8F7B89F05287033CA106FF434475F54884EA8A2D3BB556BE6F7CE7753C005
                                                                                                                                                                                                                                                                    SHA-512:EDC6FB1523B13C4923CD2EEDBD8AF9E9D925715430D3ECD4EA277F6D7CCA624484A0C68472B093E1C0AE725F245A0F625CF2331BC24F89F9ACF8769996C1AA68
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:2024/12/04-00:32:44.335 1e24 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db since it was missing..2024/12/04-00:32:44.365 1e24 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):41
                                                                                                                                                                                                                                                                    Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                    MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                    SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                    SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                    SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):171
                                                                                                                                                                                                                                                                    Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:FQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlX:qTCTCTCTCTCTCTCTCT
                                                                                                                                                                                                                                                                    MD5:E952942B492DB39A75DD2669B98EBE74
                                                                                                                                                                                                                                                                    SHA1:F6C4DEF325DCA0DFEC01759D7D8610837A370176
                                                                                                                                                                                                                                                                    SHA-256:14F92B911F9FE774720461EEC5BB4761AE6BFC9445C67E30BF624A8694B4B1DA
                                                                                                                                                                                                                                                                    SHA-512:9193E7BBE7EB633367B39513B48EFED11FD457DCED070A8708F8572D0AB248CBFF37254599A6BFB469637E0DCCBCD986347C6B6075C06FAE2AF08387B560DEA0
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):281
                                                                                                                                                                                                                                                                    Entropy (8bit):5.094016733065257
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:6:j/BDRoM1wkn23oH+Tcwt8aVdg2KLlJ/GFIq2Pwkn23oH+Tcwt8aPrqIFUv:7BDSrfYeb0LjGOvYfYebL3FUv
                                                                                                                                                                                                                                                                    MD5:5801E913E4F69D379877485DF0B3FC63
                                                                                                                                                                                                                                                                    SHA1:F9DB956BA5495FA1C99096101DAD8101308E5839
                                                                                                                                                                                                                                                                    SHA-256:64E01EE45F5C1BEC4F8FC83357EF2D4CFE777FA219D4F3272D519D16906A46CA
                                                                                                                                                                                                                                                                    SHA-512:F70B596D910FEC408970CC6E7927A6F464B53789BA948D76650DE9130F6D72A50758ACFA1D07640B8400EA0767C7A0E6A22CD6B91B5BB05F3582EEDAD4EF873E
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:2024/12/04-00:32:44.270 23a4 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules since it was missing..2024/12/04-00:32:44.448 23a4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):41
                                                                                                                                                                                                                                                                    Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                    MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                    SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                    SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                    SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):171
                                                                                                                                                                                                                                                                    Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:FQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlX:qTCTCTCTCTCTCTCTCT
                                                                                                                                                                                                                                                                    MD5:E952942B492DB39A75DD2669B98EBE74
                                                                                                                                                                                                                                                                    SHA1:F6C4DEF325DCA0DFEC01759D7D8610837A370176
                                                                                                                                                                                                                                                                    SHA-256:14F92B911F9FE774720461EEC5BB4761AE6BFC9445C67E30BF624A8694B4B1DA
                                                                                                                                                                                                                                                                    SHA-512:9193E7BBE7EB633367B39513B48EFED11FD457DCED070A8708F8572D0AB248CBFF37254599A6BFB469637E0DCCBCD986347C6B6075C06FAE2AF08387B560DEA0
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):285
                                                                                                                                                                                                                                                                    Entropy (8bit):5.095450517663594
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:6:j/aM1wkn23oH+Tcwt86FB2KLlJ/w4q2Pwkn23oH+Tcwt865IFUv:7arfYeb/FFLjw4vYfYeb/WFUv
                                                                                                                                                                                                                                                                    MD5:4D1B8FA69DF40BD3045B3E0A3B5861D7
                                                                                                                                                                                                                                                                    SHA1:4933521222544BE69A7E168C807B2B6D98983A1C
                                                                                                                                                                                                                                                                    SHA-256:1982BB72CD82927D7A3DF37D04923C39D732967EF0789A03EA8F02F929854451
                                                                                                                                                                                                                                                                    SHA-512:E18AB8B742F938A5957DF8159727A9C538D42A22897BC801F04C674B70A43CE5C778D021D75016D42438EA869CC31BDB4488F9EC7263237945255823C4CC17FA
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:2024/12/04-00:32:44.449 23a4 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts since it was missing..2024/12/04-00:32:44.495 23a4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):41
                                                                                                                                                                                                                                                                    Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                    MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                    SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                    SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                    SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):1083
                                                                                                                                                                                                                                                                    Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW:
                                                                                                                                                                                                                                                                    MD5:F5DB9E03121BAEFA935729AECA8F9B25
                                                                                                                                                                                                                                                                    SHA1:566AB4BEA20FCA1E5DC02458820EDEAB0D089FCE
                                                                                                                                                                                                                                                                    SHA-256:6AF84BCBACC6188E9DC569332B289BA93FE5495124E53D7C2213F43CE23C51D6
                                                                                                                                                                                                                                                                    SHA-512:A3B7DC9910A812BE90F789C257FDAAA35D04DD418FDB9C9FAD8E4E28C5D311DAC744CD64D16E9681554213FFD0CF9815EC24CF7E0BE4D78CE93C9AF27F6CFB20
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):322
                                                                                                                                                                                                                                                                    Entropy (8bit):5.113382580632903
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:6:j/yFTAq2Pwkn23oH+Tcwt8NIFUt8m/yFThZmw+m/T7kwOwkn23oH+Tcwt8+eLJ:7ypAvYfYebpFUt82yph/+2T75JfYebqJ
                                                                                                                                                                                                                                                                    MD5:B1DE06B2F3EC9ECEF5D1F33E1F112F01
                                                                                                                                                                                                                                                                    SHA1:1E583E51DDE29CDCD95C1C7A02185E353C4999F6
                                                                                                                                                                                                                                                                    SHA-256:495D8C3D0EADE764991543CAD52A316CC5E87705435BA9C19F6E0A752B2D274F
                                                                                                                                                                                                                                                                    SHA-512:E1F150D8F2C8F952E33D9899706C5720A19C134AE3D6498C68E983D7E4586311F78627BA9EBC2DD0D4A30397E6408B0FEE5DCDF32BFDC63DFFE86996148BA9C7
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:2024/12/04-00:32:44.954 2060 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/12/04-00:32:44.954 2060 Recovering log #3.2024/12/04-00:32:44.955 2060 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 39, 1st free page 10, free pages 4, cookie 0x45, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):159744
                                                                                                                                                                                                                                                                    Entropy (8bit):0.5241404324800358
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:96:56U+bGzPDLjGQLBE3up+U0jBo4tgi3JMe9xJDECVjN:5R+GPXBBE3upb0HtTTDxVj
                                                                                                                                                                                                                                                                    MD5:241322143A01979D346689D9448AC8C0
                                                                                                                                                                                                                                                                    SHA1:DD95F97EE1CCB8FD9026D2156DE9CB8137B816D1
                                                                                                                                                                                                                                                                    SHA-256:65EEBDEC4F48A111AC596212A1D71C3A5CFA996797500E5344EEABDFA02527C8
                                                                                                                                                                                                                                                                    SHA-512:9C7241462A9DADEF25D8EEB1C14BABFBA65C451EBAFBC068B9856E4EF0EB6F894A44686CBB0D1F46C7F546335D0C53A3E386E6C1A017082DE127F8F9C0A54BD2
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):28672
                                                                                                                                                                                                                                                                    Entropy (8bit):0.33890226319329847
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:12:TLMfly7aoxrRGcAkSQdC6ae1//fxEjkE/RFL2iFV1eHFxOUwa5qgufTsZ75fOSI:TLYcjr0+Pdajk+FZH1W6UwccI5fBI
                                                                                                                                                                                                                                                                    MD5:971F4C153D386AC7ED39363C31E854FC
                                                                                                                                                                                                                                                                    SHA1:339841CA0088C9EABDE4AACC8567D2289CCB9544
                                                                                                                                                                                                                                                                    SHA-256:B6468DA6EC0EAE580B251692CFE24620D39412954421BBFDECB13EF21BE7BC88
                                                                                                                                                                                                                                                                    SHA-512:1A4DD0C2BE163AAB3B81D63DEB4A7DB6421612A6CF1A5685951F86B7D5A40B67FC6585B7E52AA0CC20FF47349F15DFF0C9038086E3A7C78AE0FFBEE6D8AA7F7E
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):406
                                                                                                                                                                                                                                                                    Entropy (8bit):5.199881629918119
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:12:758+vYfYeb8rcHEZrELFUt825rCX/+25rC3V5JfYeb8rcHEZrEZSJ:XYfYeb8nZrExg8KJfYeb8nZrEZe
                                                                                                                                                                                                                                                                    MD5:791F583001AFB8CD790F2DF8C0484EE4
                                                                                                                                                                                                                                                                    SHA1:8204E7CFBE28708022715744DBB14C6716B22DC8
                                                                                                                                                                                                                                                                    SHA-256:174FD8949F7F6D4FAC00A2A4085EB109620E9E273F6879ADE1B826F9ACAFE3BD
                                                                                                                                                                                                                                                                    SHA-512:00FC68F875598C04C388D52DF5AE40DF3C019D387BC748DFD3D1779E1D8C0A0C7A035346C9EEB241DB2E41A34E53FBCE10F7A9F983100E4D952B503E79FDFFD5
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:2024/12/04-00:32:46.072 204c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/12/04-00:32:46.074 204c Recovering log #3.2024/12/04-00:32:46.074 204c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):334
                                                                                                                                                                                                                                                                    Entropy (8bit):5.108628524977069
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:6:j/Au+L+q2Pwkn23oH+Tcwt8a2jMGIFUt8m/EoKWZmw+m/PLVkwOwkn23oH+Tcwtw:7sL+vYfYeb8EFUt82IW/+2PLV5JfYebw
                                                                                                                                                                                                                                                                    MD5:9FB059DB9D73F2E6E2E5635C22043CE0
                                                                                                                                                                                                                                                                    SHA1:6D013F49943D15E7ADA083BE1A75D3040CD46F54
                                                                                                                                                                                                                                                                    SHA-256:2BADE10ACCEB51BDFD5F33560FC5D653BAE84BA218D46D93EACC4128BC4266E5
                                                                                                                                                                                                                                                                    SHA-512:40BD41754D7F42F93FDD55DB22F1F7A8ECB7425FA57AB0C69640A4CFECA824269AE07BBEA7BC1BADB3463749D84CB0D80D016953ED2C4E3DBC7ACFB5FA54E085
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:2024/12/04-00:32:44.512 1e3c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/12/04-00:32:44.513 1e3c Recovering log #3.2024/12/04-00:32:44.517 1e3c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 28, cookie 0x1d, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):57344
                                                                                                                                                                                                                                                                    Entropy (8bit):0.863060653641558
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:96:u7/KLPeymOT7ynlm+yKwt7izhGnvgbn8MouB6wznP:u74CnlmVizhGE7IwD
                                                                                                                                                                                                                                                                    MD5:C681C90B3AAD7F7E4AF8664DE16971DF
                                                                                                                                                                                                                                                                    SHA1:9F72588CEA6569261291B19E06043A1EFC3653BC
                                                                                                                                                                                                                                                                    SHA-256:ADB987BF641B2531991B8DE5B10244C3FE1ACFA7AD7A61A65D2E2D8E7AB34C1D
                                                                                                                                                                                                                                                                    SHA-512:4696BF334961E4C9757BAC40C41B4FBE3E0B9F821BD242CE6967B347053787BE54D1270D7166745126AFA42E8193AC2E695B0D8F11DE8F0B2876628B7C128942
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
Preview:SQLite format 3......@ ..........................................................................j
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):2
                                                                                                                                                                                                                                                                    Entropy (8bit):1.0
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:H:H
                                                                                                                                                                                                                                                                    MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                    SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                    SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                    SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:[]
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):20480
                                                                                                                                                                                                                                                                    Entropy (8bit):1.3520513083942969
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:48:TsKLopF+SawLUO1Xj8BNLd2Mc+nk7i3823XcmKvKWkqFX08:te+AuNHk238NmKdX08
                                                                                                                                                                                                                                                                    MD5:44C2D9940BB421B7D30EDEC43767F699
                                                                                                                                                                                                                                                                    SHA1:0E7E6AA4D3A01680BF3FD6F18A29E59BD0840AA0
                                                                                                                                                                                                                                                                    SHA-256:B9ED668E83096EF94FDFA8EEB063F76A2BAF9F2FA3C708214A844A8366B7ECB3
                                                                                                                                                                                                                                                                    SHA-512:6D8E27151C03E8C9746078D6F680751CAB01F2C66B7ED399E1C15C05011FD791A08E3B153F26F6B8D94FC29AE261EA22C73A6E827E53793FD6649357A7052BBC
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):61
                                                                                                                                                                                                                                                                    Entropy (8bit):3.926136109079379
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:YLb9N+eAXRfHDH2LSL:YHpoeSL
                                                                                                                                                                                                                                                                    MD5:4DF4574BFBB7E0B0BC56C2C9B12B6C47
                                                                                                                                                                                                                                                                    SHA1:81EFCBD3E3DA8221444A21F45305AF6FA4B71907
                                                                                                                                                                                                                                                                    SHA-256:E1B77550222C2451772C958E44026ABE518A2C8766862F331765788DDD196377
                                                                                                                                                                                                                                                                    SHA-512:78B14F60F2D80400FE50360CF303A961685396B7697775D078825A29B717081442D357C2039AD0984D4B622976B0314EDE8F478CDE320DAEC118DA546CB0682A
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:{"net":{"http_server_properties":{"servers":[],"version":5}}}
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                                                                                                                    Category:modified
                                                                                                                                                                                                                                                                    Size (bytes):36864
                                                                                                                                                                                                                                                                    Entropy (8bit):1.04371900235719
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:48:TKIopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSBuW3:eIEumQv8m1ccnvS6JfWgN
                                                                                                                                                                                                                                                                    MD5:D18E8A97C0E6AB9957AE1390F2CDF3BF
                                                                                                                                                                                                                                                                    SHA1:2638253E3DDA2AAE2D5C96525E17F9D771584C4D
                                                                                                                                                                                                                                                                    SHA-256:D869E89F01BA514E73CB02E647FE60A307848B10C1EF734FC8607E38E490A7EE
                                                                                                                                                                                                                                                                    SHA-512:8239FE68DF6D3250F996E23758ECC6F9DE618CEF1B772944F1ACB3E905BCE6F95F68EA8FCFA6C3676AAAA6092D068025EE293B413F894A73291147A0612F35AB
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):2
                                                                                                                                                                                                                                                                    Entropy (8bit):1.0
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:H:H
                                                                                                                                                                                                                                                                    MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                    SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                    SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                    SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:[]
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):203
                                                                                                                                                                                                                                                                    Entropy (8bit):5.4042796420747425
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:6:YAQN1iL50xHA9vh8wXwlmUUAnIMp5sXX2SQ:Y45Sg9vt+UAnIXZQ
                                                                                                                                                                                                                                                                    MD5:24D66E5F1B8C76C76511DA68057CDE5E
                                                                                                                                                                                                                                                                    SHA1:70225FEC1AE3FEF8D8A767D9EA0B0E108BF8F10D
                                                                                                                                                                                                                                                                    SHA-256:D5CB3A4A104E2EC4F13E8B4CDF3BD469E0AB638713928BEA1EAEAF03998B794C
                                                                                                                                                                                                                                                                    SHA-512:1CA093B4BB4E0B3EE0B791AD0E6B39AC9640CEB6ED005BD10A10B4AF904858F4898D86D26B60B625CDA9425FF317C6B9FE0DF2E12C897A52720AF775B19491AA
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:{"expect_ct":[],"sts":[{"expiry":1727869700.805692,"host":"dUymlFcJcEIuWrPNRCRXYtREHxXDHdPfT47kO1IQnQ0=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1696333700.805702}],"version":2}
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):36864
                                                                                                                                                                                                                                                                    Entropy (8bit):0.36515621748816035
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:24:TLH3lIIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:Tb31DtX5nDOvyKDhU1cSB
                                                                                                                                                                                                                                                                    MD5:25363ADC3C9D98BAD1A33D0792405CBF
                                                                                                                                                                                                                                                                    SHA1:D06E343087D86EF1A06F7479D81B26C90A60B5C3
                                                                                                                                                                                                                                                                    SHA-256:6E019B8B9E389216D5BDF1F2FE63F41EF98E71DA101F2A6BE04F41CC5954532D
                                                                                                                                                                                                                                                                    SHA-512:CF7EEE35D0E00945AF221BEC531E8BF06C08880DA00BD103FA561BC069D7C6F955CBA3C1C152A4884601E5A670B7487D39B4AE9A4D554ED8C14F129A74E555F7
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):20480
                                                                                                                                                                                                                                                                    Entropy (8bit):0.46731661083066856
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:12:TL1QAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3is25q0S9K0xHZ75fOV:TLiOUOq0afDdWec9sJf5Q7J5fc
                                                                                                                                                                                                                                                                    MD5:E93ACF0820CA08E5A5D2D159729F70E3
                                                                                                                                                                                                                                                                    SHA1:2C1A4D4924B9AEC1A796F108607404B000877C5D
                                                                                                                                                                                                                                                                    SHA-256:F2267FDA7F45499F7A01186B75CEFB799F8D2BC97E2E9B5068952D477294302C
                                                                                                                                                                                                                                                                    SHA-512:3BF36C20E04DCF1C16DC794E272F82F68B0DE43F16B4A9746B63B6D6BBC953B00BD7111CDA7AFE85CEBB2C447145483A382B15E2B0A5B36026C3441635D4E50C
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):175
                                                                                                                                                                                                                                                                    Entropy (8bit):2.874788585530478
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:S8ltHlS+QUl1ASEGhTFljljljljljljl:S85aEFljljljljljljl
                                                                                                                                                                                                                                                                    MD5:6153AE3A389CFBA4B2FE34025943EC59
                                                                                                                                                                                                                                                                    SHA1:C5762DBAE34261A19EC867FFEA81551757373785
                                                                                                                                                                                                                                                                    SHA-256:93C2B2B9CE1D2A2F28FAC5AADC19C713B567DF08EAEEF4167B6543A1CD094A61
                                                                                                                                                                                                                                                                    SHA-512:F2367664799162966368C4A480DF6EB4205522EAAE32D861217BA8ED7CFABACBFBB0F7C66433FF6D31EC9638DA66E727E04C2239D7C6A0D5FD3356230E09AB6C
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f.................&f.................&f...............
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):322
                                                                                                                                                                                                                                                                    Entropy (8bit):5.108481418794002
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:6:j/yjL+q2Pwkn23oH+TcwtrQMxIFUt8m/fKWZmw+m/mLVkwOwkn23oH+TcwtrQMFd:7yjL+vYfYebCFUt82iW/+2mLV5JfYebf
                                                                                                                                                                                                                                                                    MD5:2002C68B1A250B8F1D5A8362D32B6EC0
                                                                                                                                                                                                                                                                    SHA1:C134A43D0B43AC8553E740C2DAA34862B6CC5AF9
                                                                                                                                                                                                                                                                    SHA-256:2711B5EDA15C8654C387E65303ED33846B25BAFC099C686505CBC03B5FC5BBED
                                                                                                                                                                                                                                                                    SHA-512:3AC619D47343F6D9008649172E2CB1CC972A6421F257624E8DA2A16D3D9FE8D601E9BA80F539FB67C19A496271B126CD25E92DE36710F19F3331DAA8A8C7E30A
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:2024/12/04-00:32:44.972 1e3c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/12/04-00:32:44.973 1e3c Recovering log #3.2024/12/04-00:32:44.976 1e3c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):230
                                                                                                                                                                                                                                                                    Entropy (8bit):3.7720359642572356
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:3BytlX/GlkDMllttlyMOXpOXbB8NOUl68QllVc5B0pl1K/lB88/ZDwr9VA:3oakDM/9fOXpOXbK/x52ZuB8cypVA
                                                                                                                                                                                                                                                                    MD5:4FED097ECE9DACD240B9AD81E41E8D99
                                                                                                                                                                                                                                                                    SHA1:23E7F22719EC3BBFEED960F9A505A454FA18BE70
                                                                                                                                                                                                                                                                    SHA-256:3BF06D1BF87F6F69F08331F4CD511E2C1299F2D766A5A9ABDC4F1A071420C359
                                                                                                                                                                                                                                                                    SHA-512:B04519B943C8F25183D194768FAC7E0C68726ACCFE1061AC23D989D4EC680E0254CF2507E17F2CC16EBF9D0C5FF3CC9CDB164F224948E3923EACC5BBD2F8322C
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:SNSS.......Xi.k...........Xi.k......"Xi.k...........Xi.k.......Xi.k.......Yi.k.......Yi.k....!..Yi.k...............................Xi.kYi.k1..,...Yi.k$...a19500e6_ecd7_476c_bc04_6d01517de4d3...Xi.k.......Yi.k......p........Xi.k...
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):350
                                                                                                                                                                                                                                                                    Entropy (8bit):5.0635170647669545
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:6:j/eq2Pwkn23oH+Tcwt7Uh2ghZIFUt8m/IpZZmw+m/tzkwOwkn23oH+Tcwt7Uh2gd:7evYfYebIhHh2FUt82Iz/+2t5JfYebIT
                                                                                                                                                                                                                                                                    MD5:D07E14F5042F1B4CB12E66E6E75DF319
                                                                                                                                                                                                                                                                    SHA1:871898C5D94034B78D31115625F05A4CEFEEE080
                                                                                                                                                                                                                                                                    SHA-256:EC1CAF670FB401401959B3268A86FB218997C183158EF5464E85CA703C958B94
                                                                                                                                                                                                                                                                    SHA-512:28B834D8AE3C69B89D4485B0DD8F95C086118C9C304BA2E7F4922002917C3BC481EC786CB67AB9A5A82923D7E08A21CACB1D03690A6F68B49C07B6EB633F53A6
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:2024/12/04-00:32:44.272 1c40 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/12/04-00:32:44.273 1c40 Recovering log #3.2024/12/04-00:32:44.311 1c40 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                                                                                    Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:MsFl:/F
                                                                                                                                                                                                                                                                    MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                                                                                    SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                                                                                    SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                                                                                    SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):270336
                                                                                                                                                                                                                                                                    Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                                                                                                                                    MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                                                                                                                    SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                                                                                                                    SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                                                                                                                    SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                                                                                    Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:MsHlDll:/H
                                                                                                                                                                                                                                                                    MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                                                                                    SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                                                                                    SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                                                                                    SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                                                                                    Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                                                                                                                    MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                                                                                    SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                                                                                    SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                                                                                    SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):262512
                                                                                                                                                                                                                                                                    Entropy (8bit):9.47693366977411E-4
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:LsNldbl:Ls3Jl
                                                                                                                                                                                                                                                                    MD5:7DB310B934AAE13E61129C3873F94A9F
                                                                                                                                                                                                                                                                    SHA1:4E3B6A3BBF90C6876C8F8FDEFE152A0DD3149211
                                                                                                                                                                                                                                                                    SHA-256:117E9C2491A73A9E747CF1A33DD4DFE944EF040F278737FBF11521B7870983AC
                                                                                                                                                                                                                                                                    SHA-512:6EFD09776A71B5A42FAFEDFC7BCE10E5284FCD9F6154F55583620F376125917091775A71497A063E2D6BB445769E0965F81D9F5FAA4F530F83CCB4131CD2B672
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):432
                                                                                                                                                                                                                                                                    Entropy (8bit):5.210870323060556
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:12:7UyvYfYebvqBQFUt82F/+2YGpR5JfYebvqBvJ:JYfYebvZg8AJfYebvk
                                                                                                                                                                                                                                                                    MD5:00A99532863977E122099A7176095207
                                                                                                                                                                                                                                                                    SHA1:EAF5271A11BDA61A0417AFD3359C33854A6B63A8
                                                                                                                                                                                                                                                                    SHA-256:12B747E51A6B14874FA148E01E46A4A61546FB75A40D4A3A9741E9A0760919F4
                                                                                                                                                                                                                                                                    SHA-512:C089D5224C8830065CA9A9C07F3D66C3F349522FBC9AA1063B4DD6AA258E136D327FBDAB3281E1D92E08D26AF84EBC52CC79230220377B2D056A9748BF8C8DA2
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:2024/12/04-00:32:44.982 1cc4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/12/04-00:32:44.992 1cc4 Recovering log #3.2024/12/04-00:32:44.996 1cc4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):193
                                                                                                                                                                                                                                                                    Entropy (8bit):4.864047146590611
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:6:YHpoueH2a9a1o3/QBR70S7PMVKJTnMRK3VY:YH/u2caq3QH7E4T3y
                                                                                                                                                                                                                                                                    MD5:18D8AE83268DD3A59C64AAD659CF2FD3
                                                                                                                                                                                                                                                                    SHA1:018C9736438D095A67B1C9953082F671C2FDB681
                                                                                                                                                                                                                                                                    SHA-256:D659029D35ADEBB7918AF32FFF3202C63D8047043A8BDF329B2A97751CF95056
                                                                                                                                                                                                                                                                    SHA-512:BB0962F930E9844E8C0E9CD209C07F46259E4C7677D5443B7AEE90DCF7B7E8F9960C5E3FCB8A83B9BB40862FBE0442C547083A9FD421D86674B88B2BEBBEB2FB
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 4, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):36864
                                                                                                                                                                                                                                                                    Entropy (8bit):0.555790634850688
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:48:TsIopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSB:QIEumQv8m1ccnvS6
                                                                                                                                                                                                                                                                    MD5:0247E46DE79B6CD1BF08CAF7782F7793
                                                                                                                                                                                                                                                                    SHA1:B3A63ED5BE3D8EC6E3949FC5E2D21D97ACC873A6
                                                                                                                                                                                                                                                                    SHA-256:AAD0053186875205E014AB98AE8C18A6233CB715DD3AF44E7E8EB259AEAB5EEA
                                                                                                                                                                                                                                                                    SHA-512:148804598D2A9EA182BD2ADC71663D481F88683CE3D672CE12A43E53B0D34FD70458BE5AAA781B20833E963804E7F4562855F2D18F7731B7C2EAEA5D6D52FBB6
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):2
                                                                                                                                                                                                                                                                    Entropy (8bit):1.0
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:H:H
                                                                                                                                                                                                                                                                    MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                    SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                    SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                    SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:[]
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):326
                                                                                                                                                                                                                                                                    Entropy (8bit):5.1328894852032505
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:6:j/0Uq2Pwkn23oH+TcwtpIFUt8m/VZmw+m/aZnFkwOwkn23oH+Tcwta/WLJ:7PvYfYebmFUt82V/+2aZnF5JfYebaUJ
                                                                                                                                                                                                                                                                    MD5:4BF8A99F3D87C6540F4EBCF6909B58B3
                                                                                                                                                                                                                                                                    SHA1:4C738DC55D78F9C49D588C3A14FF430E3D77080C
                                                                                                                                                                                                                                                                    SHA-256:5B0C38505943F5027E39E32CAFFD8D6E009962463FEC680A98DDB9015DDCD3CF
                                                                                                                                                                                                                                                                    SHA-512:01113E397A6BDE0F02555A57B7F65C8003EC6282DF32C65146EF73B1B61AA3B86E468C0CB72A945F43C0D27F10BAC9DF34A5D31A3F966A3D0954A470DAF894E5
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:2024/12/04-00:32:44.350 1ed4 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/12/04-00:32:44.351 1ed4 Recovering log #3.2024/12/04-00:32:44.352 1ed4 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 7, 1st free page 5, free pages 2, cookie 0x5, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):28672
                                                                                                                                                                                                                                                                    Entropy (8bit):0.26707851465859517
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:12:TLPp5yN8h6MvDOH+FxOUwa5qVZ7Nkl25Pe2d:TLh8Gxk+6Uwc8NlYC
                                                                                                                                                                                                                                                                    MD5:04F8B790DF73BD7CD01238F4681C3F44
                                                                                                                                                                                                                                                                    SHA1:DF12D0A21935FC01B36A24BF72AB9640FEBB2077
                                                                                                                                                                                                                                                                    SHA-256:96BD789329E46DD9D83002DC40676922A48A3601BF4B5D7376748B34ECE247A0
                                                                                                                                                                                                                                                                    SHA-512:0DD492C371D310121F7FD57D29F8CE92AA2536A74923AC27F9C4C0C1580C849D7779348FC80410DEBB5EEE14F357EBDF33BF670D1E7B6CCDF15D69AC127AB7C3
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 4, database pages 87, cookie 0x66, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):180224
                                                                                                                                                                                                                                                                    Entropy (8bit):0.9312584730793054
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:192:CSqzyMUfTfnGCTjHbRJkkqtXaWTK+hGgH+6e7E:CrzyffrnzkkqtXnTK+hNH+5
                                                                                                                                                                                                                                                                    MD5:4ECC14F9549C4BB53159212C5BCC9CC0
                                                                                                                                                                                                                                                                    SHA1:EFEABE631F20B60E2863952BFF0F485BEB74CE36
                                                                                                                                                                                                                                                                    SHA-256:49F613160AD871F1B44381BB8F6B4E1EB481E41A86B462D4CD29CB90095EE149
                                                                                                                                                                                                                                                                    SHA-512:6EB988D5F9AA19A26EB1AE4E87F1D2E03D407B969777AB38E2031B3556D8915CCBD4BE6BD537A1A1D22A365D58CDF63E3B790D8AB7281DCCAC09F9685A0788C7
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):2568
                                                                                                                                                                                                                                                                    Entropy (8bit):0.06569804787746028
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:Lkjl1lhtl9kM:o3r
                                                                                                                                                                                                                                                                    MD5:9DD402DCB1C8B54A118236DA111FD4F2
                                                                                                                                                                                                                                                                    SHA1:D8AB1B30528835AC112BD9B0AC0044471EF558DF
                                                                                                                                                                                                                                                                    SHA-256:A84930F9CF9DB83EC31D9E5A8D2E7CB465DD2E977513B2AD722ADAE3C18687B2
                                                                                                                                                                                                                                                                    SHA-512:601870032DD74F2C86D43EF7BEE1CA268411E73CA0BE26ADE71C4022098D3EE5F19CC17650E965FD4F08C3DF26F675D25577CCAD965E0B50A65401E402B72E6F
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:very short file (no magic)
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):1
                                                                                                                                                                                                                                                                    Entropy (8bit):0.0
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:L:L
                                                                                                                                                                                                                                                                    MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                    SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                    SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                    SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:.
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:ASCII text, with very long lines (3852), with CRLF line terminators
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):11417
                                                                                                                                                                                                                                                                    Entropy (8bit):5.237554345326078
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:192:dH4vrmORnBtW4PoiUDNaxvR5FCHFcoaSbqGEDu:dH4vrmonPW4jR3GaSbqGEDu
                                                                                                                                                                                                                                                                    MD5:DF790948C5A7B5DD19D033FE6C793868
                                                                                                                                                                                                                                                                    SHA1:0C4A681E07505CA84997CE78FEEE1F0D88CB8E2A
                                                                                                                                                                                                                                                                    SHA-256:CB4049061A6A78013D20CC4AB396BEF4F6C35306887BE76765EED4E51EEE702D
                                                                                                                                                                                                                                                                    SHA-512:251C3B5DE5452E2F40C648BDB2E3D1CE2315DD4DFFAF4B4E5E08528DBAAB80535F1A82E183A65AB7DCA0C2926AE5D6B61F06DB390D0E3B8D8E77E826B21042CB
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:{.. "ArbitrationSignal": "(time_elapsed_since_last_notification)-3600^(notification_quick_dismiss_rate_lower_ci+notification_disable_rate+notification_snooze_rate)",.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f41
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):281
                                                                                                                                                                                                                                                                    Entropy (8bit):5.167935620342828
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:6:j/kWH0RM1wkn23oH+Tcwtfrl2KLlJ/9pMq2Pwkn23oH+TcwtfrK+IFUv:7/0RrfYeb1LjXMvYfYeb23FUv
                                                                                                                                                                                                                                                                    MD5:3ABDC5900C3F124AD724DBD06F29C37E
                                                                                                                                                                                                                                                                    SHA1:12C78A46C74F8C7C378A643F7B28782249834BA6
                                                                                                                                                                                                                                                                    SHA-256:86D6FE0825CC540AAC84251903F200F69FA10C436ED0024151317DCB24FD8836
                                                                                                                                                                                                                                                                    SHA-512:51934A2F418C1B375C51FD14C6A6E256D398AAE0E7E38A717A9C57D0C0E97BAC2AFD89BE99B9DBE31BA8715B28D3902B1144295E7A8CC166DA625B0CDE30DA0A
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:2024/12/04-00:32:45.130 1e24 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db since it was missing..2024/12/04-00:32:45.406 1e24 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):41
                                                                                                                                                                                                                                                                    Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                                    MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                                    SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                                    SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                                    SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:MANIFEST-000001.
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):184
                                                                                                                                                                                                                                                                    Entropy (8bit):3.6995049215784723
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:G0XttkJcsRwI9tkJcscml9t3moiOlfmEaHTltfmoI///fmEbn:G0Xtqcsqc9Ct3mxKm9HTl1mL//3m8
                                                                                                                                                                                                                                                                    MD5:D0D92D2ACC26306AEC6E8D67FD89BB1D
                                                                                                                                                                                                                                                                    SHA1:98C9F038C1C81881F5EB5E103530458845BCEEA9
                                                                                                                                                                                                                                                                    SHA-256:3B6E086A61E5DA0B64E80F593E648BD49FE77CE072098065399BE2B4F4F46840
                                                                                                                                                                                                                                                                    SHA-512:5464728663F1F62E9DBD7DF26D92FE7CC41B6BFDEE9021CEE5ED230B9F3114ACFF54768E5206B283382CBFF6999B07DF9283ED3DA50E04631729D22DD8E4CB5D
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:.h.6.................__global... .t...................__global... .9..b.................33_..........................21_.....n[.=.................33_.....vuNX.................21_.....
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):299
                                                                                                                                                                                                                                                                    Entropy (8bit):5.160113554309857
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:6:j/rcuzRM1wkn23oH+Tcwtfrzs52KLlJ/kCFpMq2Pwkn23oH+TcwtfrzAdIFUv:7IuzRrfYebs9Lj5MvYfYeb9FUv
                                                                                                                                                                                                                                                                    MD5:D23DEE4D1C029A7CAB83C813D0895234
                                                                                                                                                                                                                                                                    SHA1:43D33F01D58B1A0B129BB23F01FEED46B0F861AA
                                                                                                                                                                                                                                                                    SHA-256:3DDA50E4F1B230891982D417BEA9E34F938D337B15C4BA83C4ED3198F769BD9A
                                                                                                                                                                                                                                                                    SHA-512:1EC3D3EB8EF7E224DCCF57BDCC13049768668BDBDD2622A06E7743B9CEB5ADF518341EEBFFA200DDF9BED6FC7C1F3A1CE52905864A963B49F40A0A297D414DE1
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:2024/12/04-00:32:44.769 1e24 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata since it was missing..2024/12/04-00:32:45.127 1e24 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                                                                                    Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:MsFl:/F
                                                                                                                                                                                                                                                                    MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                                                                                    SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                                                                                    SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                                                                                    SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):270336
                                                                                                                                                                                                                                                                    Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                                                                                                                                    MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                                                                                                                    SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                                                                                                                    SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                                                                                                                    SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                                                                                    Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:MsHlDll:/H
                                                                                                                                                                                                                                                                    MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                                                                                    SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                                                                                    SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                                                                                    SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                                                                                    Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                                                                                                                    MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                                                                                    SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                                                                                    SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                                                                                    SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):262512
                                                                                                                                                                                                                                                                    Entropy (8bit):9.47693366977411E-4
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:LsNl8AkLl/l:Ls3cl
                                                                                                                                                                                                                                                                    MD5:D75EAAAE29086B0AB4ED201E05C34C1B
                                                                                                                                                                                                                                                                    SHA1:0C5E49AFE8DA5C69DC4F532DCAEEB6949A71C313
                                                                                                                                                                                                                                                                    SHA-256:FBBE8511DE084D832FD0CB2E283DE9E7FE2A0374BBA2928EEE983956678B3B60
                                                                                                                                                                                                                                                                    SHA-512:91620B9BDF53B8C86282D0EAD7B8DF90DC9909D68C26F7C054AC3CF7817CBD4DF53F15B299B372279AF998D592EC0C52932042864C33F4EF5B6648ADBFCA3885
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                                                                                    Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:MsFl:/F
                                                                                                                                                                                                                                                                    MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                                                                                    SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                                                                                    SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                                                                                    SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):270336
                                                                                                                                                                                                                                                                    Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                                                                                                                                    MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                                                                                                                    SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                                                                                                                    SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                                                                                                                    SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                                                                                    Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:MsHlDll:/H
                                                                                                                                                                                                                                                                    MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                                                                                    SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                                                                                    SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                                                                                    SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                                                                                    Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                                                                                                                    MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                                                                                    SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                                                                                    SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                                                                                    SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):262512
                                                                                                                                                                                                                                                                    Entropy (8bit):9.47693366977411E-4
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:LsNl8sAeltl:Ls38sAeltl
                                                                                                                                                                                                                                                                    MD5:B3274AC5DF5C1863161F550974F4C441
                                                                                                                                                                                                                                                                    SHA1:CD53524BD60C8D0CC8F3CD863F8CA84A6320A8B3
                                                                                                                                                                                                                                                                    SHA-256:F764D434EECDD5E33A6960DB031A78B05C762BEC7F69BD926619A493C6BCB2F2
                                                                                                                                                                                                                                                                    SHA-512:18877166905ECD00C280A17B3EF53D32AA79DD3B84F68B0DD3E24AEC2C28D9045D715FBE817D7A0074AF020DB3B05DFF08320A92B8DDE427ED76EA7F791F7F88
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):13
                                                                                                                                                                                                                                                                    Entropy (8bit):2.7192945256669794
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:NYLFRQI:ap2I
                                                                                                                                                                                                                                                                    MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                                                                                                                                                                                                                                                    SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                                                                                                                                                                                                                                                    SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                                                                                                                                                                                                                                                    SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:117.0.2045.47
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):6820
                                                                                                                                                                                                                                                                    Entropy (8bit):5.794003621625986
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:192:akm0sbLeiRUJh16qRAq1k8SPxVLZ7VTiq:akZs7c16q3QxVNZTiq
                                                                                                                                                                                                                                                                    MD5:279D717037CE121916CB6ED78613BA9F
                                                                                                                                                                                                                                                                    SHA1:21E84B21D7BED02559A57315C92957FBAF3DE9CE
                                                                                                                                                                                                                                                                    SHA-256:2534CA244AE77F5ECA9AB4B0FF4C47DFB1CFE4FC3DBBE18E070EE591BCF49175
                                                                                                                                                                                                                                                                    SHA-512:D3BC6A1B25171C8459B6C70594E86509D4E29CC323117784B1A4C94698F868CDA4DD3AB846CF361D3877ABA5EF1496D698E6DFD4D3C5051D486573830F6B5C9F
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_migration_success":false},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADacuojRefESJioRTg6FSjaEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAADcH/FMRTSN/GAQnHWOJ2rMPf+/om00Ja0Hrz+xwyA4qgAAAAA
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):6820
                                                                                                                                                                                                                                                                    Entropy (8bit):5.794003621625986
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:192:akm0sbLeiRUJh16qRAq1k8SPxVLZ7VTiq:akZs7c16q3QxVNZTiq
                                                                                                                                                                                                                                                                    MD5:279D717037CE121916CB6ED78613BA9F
                                                                                                                                                                                                                                                                    SHA1:21E84B21D7BED02559A57315C92957FBAF3DE9CE
                                                                                                                                                                                                                                                                    SHA-256:2534CA244AE77F5ECA9AB4B0FF4C47DFB1CFE4FC3DBBE18E070EE591BCF49175
                                                                                                                                                                                                                                                                    SHA-512:D3BC6A1B25171C8459B6C70594E86509D4E29CC323117784B1A4C94698F868CDA4DD3AB846CF361D3877ABA5EF1496D698E6DFD4D3C5051D486573830F6B5C9F
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:{"browser":{"last_redirect_origin":""},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false,"performance_mode_main_toggle":false}},"fire_local_softlanding_notification":false,"fre":{"soft_landing_bubble":{"bubble_response":0,"has_user_seen_bubble":true,"is_bubble_triggered":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"migration":{"last_edgeuwp_pin_migration_on_edge_version":"92.0.902.67","last_edgeuwp_pin_migration_on_os_version":"10 OS Version 2009 (Build 19045.2006)","last_edgeuwp_pin_migration_success":false},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADacuojRefESJioRTg6FSjaEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAADcH/FMRTSN/GAQnHWOJ2rMPf+/om00Ja0Hrz+xwyA4qgAAAAA
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):20480
                                                                                                                                                                                                                                                                    Entropy (8bit):0.46731661083066856
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:12:TL1QAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3is25q0S9K0xHZ75fOV:TLiOUOq0afDdWec9sJf5Q7J5fc
                                                                                                                                                                                                                                                                    MD5:E93ACF0820CA08E5A5D2D159729F70E3
                                                                                                                                                                                                                                                                    SHA1:2C1A4D4924B9AEC1A796F108607404B000877C5D
                                                                                                                                                                                                                                                                    SHA-256:F2267FDA7F45499F7A01186B75CEFB799F8D2BC97E2E9B5068952D477294302C
                                                                                                                                                                                                                                                                    SHA-512:3BF36C20E04DCF1C16DC794E272F82F68B0DE43F16B4A9746B63B6D6BBC953B00BD7111CDA7AFE85CEBB2C447145483A382B15E2B0A5B36026C3441635D4E50C
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                                                                                    Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:MsFl:/F
                                                                                                                                                                                                                                                                    MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                                                                                    SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                                                                                    SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                                                                                    SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):270336
                                                                                                                                                                                                                                                                    Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                                                                                                                                    MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                                                                                                                    SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                                                                                                                    SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                                                                                                                    SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                                                                                    Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:MsHlDll:/H
                                                                                                                                                                                                                                                                    MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                                                                                    SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                                                                                    SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                                                                                    SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                                                                                    Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                                                                                                                    MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                                                                                    SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                                                                                    SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                                                                                    SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):262512
                                                                                                                                                                                                                                                                    Entropy (8bit):9.371990371861502E-4
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:LsNlurKXl:Ls32ql
                                                                                                                                                                                                                                                                    MD5:62CA331FE957CEE1416BD6501489C185
                                                                                                                                                                                                                                                                    SHA1:47473292D1B859181E67AB8D287931E519B53DC6
                                                                                                                                                                                                                                                                    SHA-256:7680DCC7556B1D9B86031D2AD77353D31E01339C8D9C4B8D0D4740BB937F3E7A
                                                                                                                                                                                                                                                                    SHA-512:4DCA3D639EB0926061BF92AC0A21BD499F19F2ADBB9F74F33C547329CA8DADE91584963A18FF4EBB53757D8ABD9EEE42798D12500304086D8A731AAC328CA2DA
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):47
                                                                                                                                                                                                                                                                    Entropy (8bit):4.3818353308528755
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
                                                                                                                                                                                                                                                                    MD5:48324111147DECC23AC222A361873FC5
                                                                                                                                                                                                                                                                    SHA1:0DF8B2267ABBDBD11C422D23338262E3131A4223
                                                                                                                                                                                                                                                                    SHA-256:D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
                                                                                                                                                                                                                                                                    SHA-512:E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:customSettings_F95BA787499AB4FA9EFFF472CE383A14
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):35
                                                                                                                                                                                                                                                                    Entropy (8bit):4.014438730983427
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
                                                                                                                                                                                                                                                                    MD5:BB57A76019EADEDC27F04EB2FB1F1841
                                                                                                                                                                                                                                                                    SHA1:8B41A1B995D45B7A74A365B6B1F1F21F72F86760
                                                                                                                                                                                                                                                                    SHA-256:2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
                                                                                                                                                                                                                                                                    SHA-512:A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:{"forceServiceDetermination":false}
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):29
                                                                                                                                                                                                                                                                    Entropy (8bit):3.922828737239167
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:2NGw+K+:fwZ+
                                                                                                                                                                                                                                                                    MD5:7BAAFE811F480ACFCCCEE0D744355C79
                                                                                                                                                                                                                                                                    SHA1:24B89AE82313084BB8BBEB9AD98A550F41DF7B27
                                                                                                                                                                                                                                                                    SHA-256:D5743766AF0312C7B7728219FC24A03A4FB1C2A54A506F337953FBC2C1B847C7
                                                                                                                                                                                                                                                                    SHA-512:70FE1C197AF507CC0D65E99807D245C896A40A4271BA1121F9B621980877B43019E584C48780951FC1AD2A5D7D146FC6EA4678139A5B38F9B6F7A5F1E2E86BA3
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:customSynchronousLookupUris_0
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):35302
                                                                                                                                                                                                                                                                    Entropy (8bit):7.99333285466604
                                                                                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                                                                                    SSDEEP:768:rRhaFePY38QBsj61g3g01LXoDGPpgb8KbMcnjrQCckBuJyqk3x8cBBT:rLP+TBK6ZQLXSsaMcnHQQcox80
                                                                                                                                                                                                                                                                    MD5:0E06E28C3536360DE3486B1A9E5195E8
                                                                                                                                                                                                                                                                    SHA1:EB768267F34EC16A6CCD1966DCA4C3C2870268AB
                                                                                                                                                                                                                                                                    SHA-256:F2658B1C913A96E75B45E6ADB464C8D796B34AC43BAF1635AA32E16D1752971C
                                                                                                                                                                                                                                                                    SHA-512:45F1E909599E2F63372867BC359CF72FD846619DFEB5359E52D5700E0B1BCFFE5FF07606511A3BFFDDD933A0507195439457E4E29A49EB6451F26186B7240041
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):18
                                                                                                                                                                                                                                                                    Entropy (8bit):3.5724312513221195
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:kDnaV6bVon:kDYa2
                                                                                                                                                                                                                                                                    MD5:5692162977B015E31D5F35F50EFAB9CF
                                                                                                                                                                                                                                                                    SHA1:705DC80E8B32AC8B68F7E13CF8A75DCCB251ED7D
                                                                                                                                                                                                                                                                    SHA-256:42CCB5159B168DBE5D5DDF026E5F7ED3DBF50873CFE47C7C3EF0677BB07B90D4
                                                                                                                                                                                                                                                                    SHA-512:32905A4CC5BCE0FE8502DDD32096F40106625218BEDC4E218A344225D6DF2595A7B70EEB3695DCEFDD894ECB2B66BED479654E8E07F02526648E07ACFE47838C
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:edgeSettings_2.0-0
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):3581
                                                                                                                                                                                                                                                                    Entropy (8bit):4.459693941095613
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:96:JTMhnytNaSA4BOsNQNhnUZTFGKDIWHCgL5tfHaaJzRHF+P1sYmnfHUdT+GWBH7Y/:KyMot7vjFU
                                                                                                                                                                                                                                                                    MD5:BDE38FAE28EC415384B8CFE052306D6C
                                                                                                                                                                                                                                                                    SHA1:3019740AF622B58D573C00BF5C98DD77F3FBB5CD
                                                                                                                                                                                                                                                                    SHA-256:1F4542614473AE103A5EE3DEEEC61D033A40271CFF891AAA6797534E4DBB4D20
                                                                                                                                                                                                                                                                    SHA-512:9C369D69298EBF087412EDA782EE72AFE5448FD0D69EA5141C2744EA5F6C36CDF70A51845CDC174838BAC0ADABDFA70DF6AEDBF6E7867578AE7C4B7805A8B55E
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:{"models":[],"geoidMaps":{"gw_my":"https://malaysia.smartscreen.microsoft.com/","gw_tw":"https://taiwan.smartscreen.microsoft.com/","gw_at":"https://austria.smartscreen.microsoft.com/","gw_es":"https://spain.smartscreen.microsoft.com/","gw_pl":"https://poland.smartscreen.microsoft.com/","gw_se":"https://sweden.smartscreen.microsoft.com/","gw_kr":"https://southkorea.smartscreen.microsoft.com/","gw_br":"https://brazil.smartscreen.microsoft.com/","au":"https://australia.smartscreen.microsoft.com/","dk":"https://denmark.smartscreen.microsoft.com/","gw_sg":"https://singapore.smartscreen.microsoft.com/","gw_fr":"https://france.smartscreen.microsoft.com/","gw_ca":"https://canada.smartscreen.microsoft.com/","test":"https://eu-9.smartscreen.microsoft.com/","gw_il":"https://israel.smartscreen.microsoft.com/","gw_au":"https://australia.smartscreen.microsoft.com/","gw_ffl4mod":"https://unitedstates4.ss.wd.microsoft.us/","gw_ffl4":"https://unitedstates1.ss.wd.microsoft.us/","gw_eu":"https://europe.
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):47
                                                                                                                                                                                                                                                                    Entropy (8bit):4.493433469104717
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:kfKbQSQSuLA5:kyUc5
                                                                                                                                                                                                                                                                    MD5:3F90757B200B52DCF5FDAC696EFD3D60
                                                                                                                                                                                                                                                                    SHA1:569A2E1BED9ECCDF7CD03E270AEF2BD7FF9B0E77
                                                                                                                                                                                                                                                                    SHA-256:1EE63F0A3502CFB7DF195FABBA41A7805008AB2CCCDAEB9AF990409D163D60C8
                                                                                                                                                                                                                                                                    SHA-512:39252BBAA33130DF50F36178A8EAB1D09165666D8A229FBB3495DD01CBE964F87CD2E6FCD479DFCA36BE06309EF18FEDA7F14722C57545203BBA24972D4835C8
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:synchronousLookupUris_636976985063396749.rel.v2
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):35302
                                                                                                                                                                                                                                                                    Entropy (8bit):7.99333285466604
                                                                                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                                                                                    SSDEEP:768:rRhaFePY38QBsj61g3g01LXoDGPpgb8KbMcnjrQCckBuJyqk3x8cBBT:rLP+TBK6ZQLXSsaMcnHQQcox80
                                                                                                                                                                                                                                                                    MD5:0E06E28C3536360DE3486B1A9E5195E8
                                                                                                                                                                                                                                                                    SHA1:EB768267F34EC16A6CCD1966DCA4C3C2870268AB
                                                                                                                                                                                                                                                                    SHA-256:F2658B1C913A96E75B45E6ADB464C8D796B34AC43BAF1635AA32E16D1752971C
                                                                                                                                                                                                                                                                    SHA-512:45F1E909599E2F63372867BC359CF72FD846619DFEB5359E52D5700E0B1BCFFE5FF07606511A3BFFDDD933A0507195439457E4E29A49EB6451F26186B7240041
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):50
                                                                                                                                                                                                                                                                    Entropy (8bit):3.9904355005135823
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:0xXF/XctY5GUf+:0RFeUf+
                                                                                                                                                                                                                                                                    MD5:E144AFBFB9EE10479AE2A9437D3FC9CA
                                                                                                                                                                                                                                                                    SHA1:5AAAC173107C688C06944D746394C21535B0514B
                                                                                                                                                                                                                                                                    SHA-256:EB28E8ED7C014F211BD81308853F407DF86AEBB5F80F8E4640C608CD772544C2
                                                                                                                                                                                                                                                                    SHA-512:837D15B3477C95D2D71391D677463A497D8D9FFBD7EB42E412DA262C9B5C82F22CE4338A0BEAA22C81A06ECA2DF7A9A98B7D61ECACE5F087912FD9BA7914AF3F
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:topTraffic_170540185939602997400506234197983529371
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):575056
                                                                                                                                                                                                                                                                    Entropy (8bit):7.999649474060713
                                                                                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                                                                                    SSDEEP:12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
                                                                                                                                                                                                                                                                    MD5:BE5D1A12C1644421F877787F8E76642D
                                                                                                                                                                                                                                                                    SHA1:06C46A95B4BD5E145E015FA7E358A2D1AC52C809
                                                                                                                                                                                                                                                                    SHA-256:C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
                                                                                                                                                                                                                                                                    SHA-512:FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):87
                                                                                                                                                                                                                                                                    Entropy (8bit):4.415446034314543
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:YQ3JYq9xSs0dMEJAELJ2rjozQd:YQ3Kq9X0dMgAEwjj
                                                                                                                                                                                                                                                                    MD5:3FA87FFDBFD627F217A5F052D6D3A7AC
                                                                                                                                                                                                                                                                    SHA1:0746F46DE416E30212C78E240BF6B5352EE2EF9C
                                                                                                                                                                                                                                                                    SHA-256:7C782809649AE44D26AD9EC63F900A8B306E91ED01410EEDD6A9AB778770ED2B
                                                                                                                                                                                                                                                                    SHA-512:EDAEDD2E75B29829BE86D25CB0D894832FCA323FD12493133E9230007D3FA353F12F3DBC87DAD9FE2B86D0F26EC3814C9951975ADFF3421623C44642AA780894
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":14}
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:modified
                                                                                                                                                                                                                                                                    Size (bytes):2278
                                                                                                                                                                                                                                                                    Entropy (8bit):3.846605072156215
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:48:uiTrlKxrgxoyxl9Il8ujMFiaBg9ez2A9IAawDd1rc:mUYoBg9ez2Yawk
                                                                                                                                                                                                                                                                    MD5:03DDB170DF7654FA93E4C6817EF73CDE
                                                                                                                                                                                                                                                                    SHA1:C16D8486D1A5AB65DCFB658FBF0F4ED9EA24A12D
                                                                                                                                                                                                                                                                    SHA-256:BFB4CE7243E479B220575D465C67D2471053FE62C5F11187D549F7A99BB153DD
                                                                                                                                                                                                                                                                    SHA-512:CED1D5456DAE2AB704B4F2473F999004CC842C02C809D5BE4EABA36E200305CE158CCFAB4BF39ACC078966DD6BFFC649AF4609748C7EB9AE1CCA87C51200B3DE
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:{"TBDataStoreObject":{"Header":{"ObjectType":"TokenResponse","SchemaVersionMajor":2,"SchemaVersionMinor":1},"ObjectData":{"SystemDefinedProperties":{"RequestIndex":{"Type":"InlineBytes","IsProtected":false,"Value":"WipwWM+NHlbCDmsZp8SOsjhtFBs="},"Expiration":{"Type":"InlineBytes","IsProtected":false,"Value":"AHuXVBZG2wE="},"Status":{"Type":"InlineBytes","IsProtected":false,"Value":"AAAAAA=="},"ResponseBytes":{"Type":"InlineBytes","IsProtected":true,"Value":"AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA2nLqI0
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):4622
                                                                                                                                                                                                                                                                    Entropy (8bit):3.9994548658794553
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:96:yaYlJzGkd9cugkJSWcnCSs2t4C4KW06T4gJ2Ev:yau9cccU2tbXsHv
                                                                                                                                                                                                                                                                    MD5:22584D2A4FB9F1112BC0D10521D1C75D
                                                                                                                                                                                                                                                                    SHA1:30E178E58928B8A017901FC77F4A8F161CF4C32D
                                                                                                                                                                                                                                                                    SHA-256:477247AF16C2335AA33C4E1FF556B51DD1CB9135143FA037A6A7E1144AEBF30B
                                                                                                                                                                                                                                                                    SHA-512:B2C1958EA874F2A4ED8798DA2DEE889D2E0AFF8AF34CBE6276AA5580BF40746EFFDCE9134A02C09E678DADEA5EF414540C18C6ABB95A47E937CBA7CDA6A6A835
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".i.c.v.5.O.g.5.G.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.2.n.L.q.I.0.
                                                                                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):2684
                                                                                                                                                                                                                                                                    Entropy (8bit):3.9054598183642115
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:48:uiTrlKx68Wa7xZgxl9Il8ujXem/JgUZ5oVJslDEv+Xid/vc:aoYgO9oV2/
                                                                                                                                                                                                                                                                    MD5:111C16244D76A4163077E1C544E2CEC1
                                                                                                                                                                                                                                                                    SHA1:86E5FB06DBE64719B6C444E053951055A9760366
                                                                                                                                                                                                                                                                    SHA-256:F9F9B92EBDDBBF8ADE45D8A9027BC4F512194065838674C19B7AB72DD15C97A0
                                                                                                                                                                                                                                                                    SHA-512:CE70E3EC0EFF947915A3A6B663D6A74280BCC3725CC93059FCA1C1569E6AA12CA13B74FAD30A3DD531502175B96DD62655AC43200B16F2F7F886686534A260DC
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".6.N.3.U.y.9.n.A.U.E.q.s.5.u.9.6.E./.o.g.0.E./.V.J.A.g.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".7.J.P.8.a.9.9.k.3.A.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.2.n.L.q.I.0.
                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):64
                                                                                                                                                                                                                                                                    Entropy (8bit):0.34726597513537405
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:Nlll:Nll
                                                                                                                                                                                                                                                                    MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                                                                                                                                                                                                                    SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                                                                                                                                                                                                                    SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                                                                                                                                                                                                                    SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):162028032
                                                                                                                                                                                                                                                                    Entropy (8bit):6.733467447219974
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:1572864:2CquurbtqKajQe7vqrTU4PrCsdCXrBngPE1cG7VOWe2IkBmUgq3Fd6iU3x6VCdbm:MDAgZi
                                                                                                                                                                                                                                                                    MD5:7153F5DCF75B41969A641F98F370D035
                                                                                                                                                                                                                                                                    SHA1:E1D0C1D865C126BDED0376E01DCB18FC1D2F622D
                                                                                                                                                                                                                                                                    SHA-256:FB7506B750512AA4807F75CB0F9401C0A34A1097E35D5EC78B468557261C50F1
                                                                                                                                                                                                                                                                    SHA-512:2CBA838A3EDEBBE964BE243966976DB3C5A9AD1041ADDC467543699C182320991FA66C3A54A4C05D16818CCE395B38D3016D72E84E476F988535BF0DE811CC53
                                                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                    • Antivirus: Virustotal, Detection: 1%, Browse
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...>..d.........."......v.....................@..........................................`...........................................D.od..e.H.T............p..,.@.............`.....:.......................:.(...`...8...........P,H......iD......................text....u.......v.................. ..`.rdata...`k......bk..|..............@..@.data....bE...L.......K.............@....pdata..,.@..p....@...V.............@..@.00cfg..(............J..............@..@.gxfg....B.......B...L..............@..@.retplne.....`...........................rodata......p...................... ..`.tls................................@....voltbl.R...............................CPADinfo8...........................@...LZMADEC............................. ..`_RDATA..............................@..@malloc_h............................ ..`.rsrc...............................@..@.reloc..`.......
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):129690
                                                                                                                                                                                                                                                                    Entropy (8bit):7.91868310789661
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3072:AEKzwqCT4weSxQCS/qGTL2o418Gb0+VRLf0ld0GY3cQ39Vm2I:AEKzwt4hC4/rK18Gb0OV8ld0GecQ3f2
                                                                                                                                                                                                                                                                    MD5:8626E1D68E87F86C5B4DABDF66591913
                                                                                                                                                                                                                                                                    SHA1:4CD7B0AC0D3F72587708064A7B0A3BECA3F7B81C
                                                                                                                                                                                                                                                                    SHA-256:2CAA1DA9B6A6E87BDB673977FEE5DD771591A1B6ED5D3C5F14B024130A5D1A59
                                                                                                                                                                                                                                                                    SHA-512:03BCD8562482009060F249D6A0DD7382FC94D669A2094DEC08E8D119BE51BEF2C3B7B484BB5B7F805AE98E372DAB9383A2C11A63AB0F5644146556B1BB9A4C99
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):179971
                                                                                                                                                                                                                                                                    Entropy (8bit):7.941375268079628
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3072:rDQYaEQN6AJPrSxQCS/qGTafR54x5GMR+F44ffbdZnYw9p4AbIVGYoDd+HxNK/r4:rDQYaNN68rC4/Ygx5GMRejnbdZnVE6YR
                                                                                                                                                                                                                                                                    MD5:48515D600258D60019C6B9C6421F79F6
                                                                                                                                                                                                                                                                    SHA1:0EF0B44641D38327A360AA6954B3B6E5AAB2AF16
                                                                                                                                                                                                                                                                    SHA-256:07BEE34E189FE9A8789AED78EA59AD41414B6E611E7D74DA62F8E6CA36AF01CE
                                                                                                                                                                                                                                                                    SHA-512:B7266BC8ABC55BD389F594DAC0C0641ECF07703F35D769B87E731B5FDF4353316D44F3782A4329B3F0E260DEAD6B114426DDB1B0FB8CD4A51E0B90635F1191D9
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):4891080
                                                                                                                                                                                                                                                                    Entropy (8bit):6.392150637672776
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:49152:IuhjwXkKcimPVqB4faGCMhGNYYpQVTxx6k/ftO4w6FXKpOD21pLeXvZCoFwI8ccA:oy904wYbZCoOI85oyI
                                                                                                                                                                                                                                                                    MD5:CB9807F6CF55AD799E920B7E0F97DF99
                                                                                                                                                                                                                                                                    SHA1:BB76012DED5ACD103ADAD49436612D073D159B29
                                                                                                                                                                                                                                                                    SHA-256:5653BC7B0E2701561464EF36602FF6171C96BFFE96E4C3597359CD7ADDCBA88A
                                                                                                                                                                                                                                                                    SHA-512:F7C65BAE4EDE13616330AE46A197EBAD106920DCE6A31FD5A658DA29ED1473234CA9E2B39CC9833FF903FB6B52FF19E39E6397FAC02F005823ED366CA7A34F62
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                    • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):2862080
                                                                                                                                                                                                                                                                    Entropy (8bit):6.7042588011125215
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:49152:XMoI7Qj3trgDtcfkW76fSL5Yqq6uthy4Y6NO8PyJegPTagrcjdiCOi2iNN3lzl3U:H3Kk76fUq/4TagreBOirnW
                                                                                                                                                                                                                                                                    MD5:D49E7A8F096AD4722BD0F6963E0EFC08
                                                                                                                                                                                                                                                                    SHA1:6835F12391023C0C7E3C8CC37B0496E3A93A5985
                                                                                                                                                                                                                                                                    SHA-256:F11576BF7FFBC3669D1A5364378F35A1ED0811B7831528B6C4C55B0CDC7DC014
                                                                                                                                                                                                                                                                    SHA-512:CA50C28D6AAC75F749ED62EEC8ACBB53317F6BDCEF8794759AF3FAD861446DE5B7FA31622CE67A347949ABB1098ECCB32689B4F1C54458A125BC46574AD51575
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                    • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):10541296
                                                                                                                                                                                                                                                                    Entropy (8bit):6.277012685259397
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:98304:ffPBQYOo+ddlymff2LfPQCvliXUxiG9Ha93Whla6ZENSs285:ffPBhORjfAHliXUxiG9Ha93Whla6ZEV7
                                                                                                                                                                                                                                                                    MD5:ADFD2A259608207F256AEADB48635645
                                                                                                                                                                                                                                                                    SHA1:300BB0AE3D6B6514FB144788643D260B602AC6A4
                                                                                                                                                                                                                                                                    SHA-256:7C8C7B05D70145120B45CCB64BF75BEE3C63FF213E3E64D092D500A96AFB8050
                                                                                                                                                                                                                                                                    SHA-512:8397E74C7A85B0A2987CAE9F2C66CE446923AA4140686D91A1E92B701E16B73A6CE459540E718858607ECB12659BEDAC0AA95C2713C811A2BC2D402691FF29DC
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe
                                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):696832
                                                                                                                                                                                                                                                                    Entropy (8bit):5.71955944202422
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:12288:I7P4JLntTmvCGWJ19UOkhOXjpb277I74liAANjDaZrnOB:vJLyAq2
                                                                                                                                                                                                                                                                    MD5:A3A6DC7F9B3C8E0DAA2F210E39BEA213
                                                                                                                                                                                                                                                                    SHA1:EE26C3C76A73D1A0526767C6DDD58E08F0F65198
                                                                                                                                                                                                                                                                    SHA-256:678B8AB500C3968A1B7CDCDB1F242E380670A49C659F305D50DAC0262974BE11
                                                                                                                                                                                                                                                                    SHA-512:9ED3319DA2AEC88CC2FF591FC58BC8FCD75921551BC366FC9F20D2AE106E77D8EF32A5E32470B53434313F305CE30D9B1712BFC014919F898D726E9D7E27EAD5
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                    • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe
                                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):255488
                                                                                                                                                                                                                                                                    Entropy (8bit):6.3283471797462285
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:6144:3o06awTFRroAJKQEozTk/us7bqm/ohOnI:3o0cTjVJKQ9k/7bqm/o
                                                                                                                                                                                                                                                                    MD5:DE00E0648BB3EE003375504188D473EF
                                                                                                                                                                                                                                                                    SHA1:A43BE3FA52B56A4E8610590AC9465AA25401FBE5
                                                                                                                                                                                                                                                                    SHA-256:9666F8E196C798EF4419B1E6C1A8D4BDB4A399CCAB485A32A38BEF6EAEB4A384
                                                                                                                                                                                                                                                                    SHA-512:11772462CDAEFCFAAEF1D6D19C55C6454D8402E0056552FCBF63F68B5C999939A8BE34769B5FCB74872E2D7A890C0075B35D7E23565F76D246D5D624403A15B3
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe
                                                                                                                                                                                                                                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):310
                                                                                                                                                                                                                                                                    Entropy (8bit):3.9873117740411184
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:6:5jc52cOi/Rj69Dq3Oi/tPMy2cO3Dq3+q3ORZ:5jcrJjMDklPMdDz/Z
                                                                                                                                                                                                                                                                    MD5:5863761BE8E207B078C0F25A2ABC7015
                                                                                                                                                                                                                                                                    SHA1:29F0EC338AD95500E62AFA8A859126C404F01BE1
                                                                                                                                                                                                                                                                    SHA-256:3E89353F29EF90DC4C4036697A5081D62802A1A1B1F73A3833A2F1324C928715
                                                                                                                                                                                                                                                                    SHA-512:7BD97C647D39E46F7DBC5E380F90FEE736F195A1BBFA2D100589BC0C5B9F715EA90B1FDE59D341BBD538E8B47197DF846A595F116269023FFC10252FEDF0E377
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:PK.........,.Y................chrome_default_Cookies.txt..PK..............PK.........,.Y................edge_default_Cookies.txt..PK..............PK..-........,.Y...................... .......chrome_default_Cookies.txtPK..-........,.Y...................... ...J...edge_default_Cookies.txtPK....................
                                                                                                                                                                                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
Category:dropped
Size (bytes):60
Entropy (8bit):4.038920595031593
Encrypted:false
SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:false
Reputation:unknown
Preview:# PowerShell test file to determine AppLocker lockdown mode

Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:ASCII text, with no line terminators
Category:dropped
Size (bytes):60
Entropy (8bit):4.038920595031593
Encrypted:false
SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:false
Reputation:unknown
Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe
                                                                                                                                                                                                                                                                    File Type:Zip archive data (empty)
                                                                                                                                                                                                                                                                    Category:modified
                                                                                                                                                                                                                                                                    Size (bytes):22
                                                                                                                                                                                                                                                                    Entropy (8bit):1.0476747992754052
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:PK....................
                                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe
                                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):140288
                                                                                                                                                                                                                                                                    Entropy (8bit):6.055411992765344
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe
                                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):1453056
                                                                                                                                                                                                                                                                    Entropy (8bit):6.517222544789646
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):162028032
                                                                                                                                                                                                                                                                    Entropy (8bit):6.733467447219974
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):1096
                                                                                                                                                                                                                                                                    Entropy (8bit):5.13006727705212
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:Copyright (c) Electron contributors.Copyright (c) 2013-2020 GitHub Inc...Permission is hereby granted, free of charge, to any person obtaining.a copy of this software and associated documentation files (the."Software"), to deal in the Software without restriction, including.without limitation the rights to use, copy, modify, merge, publish,.distribute, sublicense, and/or sell copies of the Software, and to.permit persons to whom the Software is furnished to do so, subject to.the following conditions:..The above copyright notice and this permission notice shall be.included in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,.EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF.MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND.NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE.LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION.OF CONTRACT, TORT OR OTHERWISE, ARISIN
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:HTML document, ASCII text
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):6766160
                                                                                                                                                                                                                                                                    Entropy (8bit):4.735324161006094
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview: Generated by licenses.py; do not edit. --><!doctype html>.<html>.<head>.<meta charset="utf-8">.<meta name="viewport" content="width=device-width">.<meta name="color-scheme" content="light dark">.<title>Credits</title>.<link rel="stylesheet" href="chrome://resources/css/text_defaults.css">.<link rel="stylesheet" href="chrome://credits/credits.css">.</head>.<body>.<span class="page-title" style="float:left;">Credits</span>.<a id="print-link" href="#" style="float:right;" hidden>Print</a>.<div style="clear:both; overflow:auto;"> Chromium <3s the following projects -->.<div class="product">.<span class="title">2-dim General Purpose FFT (Fast Fourier/Cosine/Sine Transform) Package</span>.<span class="homepage"><a href="http://www.kurims.kyoto-u.ac.jp/~ooura/fft.html">homepage</a></span>.<input type="checkbox" hidden id="0">.<label class="show" for="0" tabindex="0"></label>.<div class="licence">.<pre>Copyright(C) 1997,2001 Takuya OOURA (email: ooura@kurims.kyoto-u.ac.jp)..You may us
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):129690
                                                                                                                                                                                                                                                                    Entropy (8bit):7.91868310789661
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3072:AEKzwqCT4weSxQCS/qGTL2o418Gb0+VRLf0ld0GY3cQ39Vm2I:AEKzwt4hC4/rK18Gb0OV8ld0GecQ3f2
                                                                                                                                                                                                                                                                    MD5:8626E1D68E87F86C5B4DABDF66591913
                                                                                                                                                                                                                                                                    SHA1:4CD7B0AC0D3F72587708064A7B0A3BECA3F7B81C
                                                                                                                                                                                                                                                                    SHA-256:2CAA1DA9B6A6E87BDB673977FEE5DD771591A1B6ED5D3C5F14B024130A5D1A59
                                                                                                                                                                                                                                                                    SHA-512:03BCD8562482009060F249D6A0DD7382FC94D669A2094DEC08E8D119BE51BEF2C3B7B484BB5B7F805AE98E372DAB9383A2C11A63AB0F5644146556B1BB9A4C99
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):179971
                                                                                                                                                                                                                                                                    Entropy (8bit):7.941375268079628
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3072:rDQYaEQN6AJPrSxQCS/qGTafR54x5GMR+F44ffbdZnYw9p4AbIVGYoDd+HxNK/r4:rDQYaNN68rC4/Ygx5GMRejnbdZnVE6YR
                                                                                                                                                                                                                                                                    MD5:48515D600258D60019C6B9C6421F79F6
                                                                                                                                                                                                                                                                    SHA1:0EF0B44641D38327A360AA6954B3B6E5AAB2AF16
                                                                                                                                                                                                                                                                    SHA-256:07BEE34E189FE9A8789AED78EA59AD41414B6E611E7D74DA62F8E6CA36AF01CE
                                                                                                                                                                                                                                                                    SHA-512:B7266BC8ABC55BD389F594DAC0C0641ECF07703F35D769B87E731B5FDF4353316D44F3782A4329B3F0E260DEAD6B114426DDB1B0FB8CD4A51E0B90635F1191D9
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):4891080
                                                                                                                                                                                                                                                                    Entropy (8bit):6.392150637672776
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:49152:IuhjwXkKcimPVqB4faGCMhGNYYpQVTxx6k/ftO4w6FXKpOD21pLeXvZCoFwI8ccA:oy904wYbZCoOI85oyI
                                                                                                                                                                                                                                                                    MD5:CB9807F6CF55AD799E920B7E0F97DF99
                                                                                                                                                                                                                                                                    SHA1:BB76012DED5ACD103ADAD49436612D073D159B29
                                                                                                                                                                                                                                                                    SHA-256:5653BC7B0E2701561464EF36602FF6171C96BFFE96E4C3597359CD7ADDCBA88A
                                                                                                                                                                                                                                                                    SHA-512:F7C65BAE4EDE13616330AE46A197EBAD106920DCE6A31FD5A658DA29ED1473234CA9E2B39CC9833FF903FB6B52FF19E39E6397FAC02F005823ED366CA7A34F62
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):2862080
                                                                                                                                                                                                                                                                    Entropy (8bit):6.7042588011125215
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:49152:XMoI7Qj3trgDtcfkW76fSL5Yqq6uthy4Y6NO8PyJegPTagrcjdiCOi2iNN3lzl3U:H3Kk76fUq/4TagreBOirnW
                                                                                                                                                                                                                                                                    MD5:D49E7A8F096AD4722BD0F6963E0EFC08
                                                                                                                                                                                                                                                                    SHA1:6835F12391023C0C7E3C8CC37B0496E3A93A5985
                                                                                                                                                                                                                                                                    SHA-256:F11576BF7FFBC3669D1A5364378F35A1ED0811B7831528B6C4C55B0CDC7DC014
                                                                                                                                                                                                                                                                    SHA-512:CA50C28D6AAC75F749ED62EEC8ACBB53317F6BDCEF8794759AF3FAD861446DE5B7FA31622CE67A347949ABB1098ECCB32689B4F1C54458A125BC46574AD51575
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):10541296
                                                                                                                                                                                                                                                                    Entropy (8bit):6.277012685259397
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:98304:ffPBQYOo+ddlymff2LfPQCvliXUxiG9Ha93Whla6ZENSs285:ffPBhORjfAHliXUxiG9Ha93Whla6ZEV7
                                                                                                                                                                                                                                                                    MD5:ADFD2A259608207F256AEADB48635645
                                                                                                                                                                                                                                                                    SHA1:300BB0AE3D6B6514FB144788643D260B602AC6A4
                                                                                                                                                                                                                                                                    SHA-256:7C8C7B05D70145120B45CCB64BF75BEE3C63FF213E3E64D092D500A96AFB8050
                                                                                                                                                                                                                                                                    SHA-512:8397E74C7A85B0A2987CAE9F2C66CE446923AA4140686D91A1E92B701E16B73A6CE459540E718858607ECB12659BEDAC0AA95C2713C811A2BC2D402691FF29DC
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):479232
                                                                                                                                                                                                                                                                    Entropy (8bit):6.320849747462847
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:12288:su0LAjbIkyVVR8O9v/6TiT5eU3axzvYwo:sub49/6TiQzvYX
                                                                                                                                                                                                                                                                    MD5:09134E6B407083BAAEDF9A8C0BCE68F2
                                                                                                                                                                                                                                                                    SHA1:8847344CCEEAB35C1CDF8637AF9BD59671B4E97D
                                                                                                                                                                                                                                                                    SHA-256:D2107BA0F4E28E35B22837C3982E53784D15348795B399AD6292D0F727986577
                                                                                                                                                                                                                                                                    SHA-512:6FF3ADCB8BE48D0B505A3C44E6550D30A8FEAF4AA108982A7992ED1820C06F49E0AD48D9BD92685FB82783DFD643629BD1FE4073300B61346B63320CBDB051BA
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):7514112
                                                                                                                                                                                                                                                                    Entropy (8bit):6.462467169487978
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:98304:BuT3g23jeZ/02YPuLaw5RoD1rfEQ3CPdOEabcgsOMdi:BuDPTwLap14QzEijsvi
                                                                                                                                                                                                                                                                    MD5:A5F1921E6DCDE9EAF42E2CCC82B3D353
                                                                                                                                                                                                                                                                    SHA1:1F6F4DF99AE475ACEC4A7D3910BADB26C15919D1
                                                                                                                                                                                                                                                                    SHA-256:50C4DC73D69B6C0189EAB56D27470EE15F99BBBC12BFD87EBE9963A7F9BA404E
                                                                                                                                                                                                                                                                    SHA-512:0C24AE7D75404ADF8682868D0EBF05F02BBF603F7DDD177CF2AF5726802D0A5AFCF539DC5D68E10DAB3FCFBA58903871C9C81054560CF08799AF1CC88F33C702
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):362355
                                                                                                                                                                                                                                                                    Entropy (8bit):5.4138809970208035
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:6144:j54QCpN9/WiHIR9a5D4+kQMGSB+jC6kAw1TUKKpg3b9xIsVxSt2y5qP3ux5tPwDV:F9CpN9OiHIRX+HMT+jC6kAw1TYpg3b9P
                                                                                                                                                                                                                                                                    MD5:464E5EEABA5EFF8BC93995BA2CB2D73F
                                                                                                                                                                                                                                                                    SHA1:3B216E0C5246C874AD0AD7D3E1636384DAD2255D
                                                                                                                                                                                                                                                                    SHA-256:0AD547BB1DC57907ADEB02E1BE3017CCE78F6E60B8B39395FE0E8B62285797A1
                                                                                                                                                                                                                                                                    SHA-512:726D6C41A9DBF1F5F2EFF5B503AB68D879B088B801832C13FBA7EB853302B16118CACDA4748A4144AF0F396074449245A42B2FE240429B1AFCB7197FA0CB6D41
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):583572
                                                                                                                                                                                                                                                                    Entropy (8bit):4.947180410657857
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:12288:QqhqEuPxT8xZTtWosuF9Q5m9yAAVzfukCQox30jH8+I:Zh8T8xTWoZF9Q5m9yAAVzXCQ0
                                                                                                                                                                                                                                                                    MD5:2C933F084D960F8094E24BEE73FA826C
                                                                                                                                                                                                                                                                    SHA1:91DFDDC2CFF764275872149D454A8397A1A20AB1
                                                                                                                                                                                                                                                                    SHA-256:FA1E44215BD5ACC7342C431A3B1FDDB6E8B6B02220B4599167F7D77A29F54450
                                                                                                                                                                                                                                                                    SHA-512:3C9ECFB0407DE2AA6585F4865AD54EEB2EC6519C9D346E2D33ED0E30BE6CC3EBFED676A08637D42C2CA8FA6CFEFB4091FEB0C922FF71F09A2B89CDD488789774
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):639744
                                                                                                                                                                                                                                                                    Entropy (8bit):4.950537001099058
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:12288:K+sgtqIj5/XvYUtOkQIkqBJ5SNbW+eTtvZEMgSENjM:KD4Fek75z+K
                                                                                                                                                                                                                                                                    MD5:FDBAD4C84AC66EE78A5C8DD16D259C43
                                                                                                                                                                                                                                                                    SHA1:3CE3CD751BB947B19D004BD6916B67E8DB5017AC
                                                                                                                                                                                                                                                                    SHA-256:A62B848A002474A8EA37891E148CBAF4AF09BDBA7DAFEBDC0770C9A9651F7E3B
                                                                                                                                                                                                                                                                    SHA-512:376519C5C2E42D21ACEDB1EF47184691A2F286332451D5B8D6AAC45713861F07C852FB93BD9470FF5EE017D6004ABA097020580F1BA253A5295AC1851F281E13
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):667826
                                                                                                                                                                                                                                                                    Entropy (8bit):4.715111408941832
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:12288:MMq8w2kMLlYrdAs1aQUx41aVVwslMLOmFOMw35uKN31tfbDMxbV2Jfu64Kjz5fS+:MMqckulYrdAs1aQUmBsmRw35uK7Jgxho
                                                                                                                                                                                                                                                                    MD5:38BCABB6A0072B3A5F8B86B693EB545D
                                                                                                                                                                                                                                                                    SHA1:D36C8549FE0F69D05FFDAFFA427D3DDF68DD6D89
                                                                                                                                                                                                                                                                    SHA-256:898621731AC3471A41F8B3A7BF52E7F776E8928652B37154BC7C1299F1FD92E1
                                                                                                                                                                                                                                                                    SHA-512:002ADBDC17B6013BECC4909DAF2FEBB74CE88733C78E968938B792A52C9C5A62834617F606E4CB3774AE2DAD9758D2B8678D7764BB6DCFE468881F1107DB13EF
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):858553
                                                                                                                                                                                                                                                                    Entropy (8bit):4.32277927640417
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3072:6gGTLRFbMdhBVHvr5eSnC6PRWhk7Bbd8+D95H0XluZ:YWBlvr5FCYRWuBbdB5wl2
                                                                                                                                                                                                                                                                    MD5:9340520696E7CB3C2495A78893E50ADD
                                                                                                                                                                                                                                                                    SHA1:EED5AEEF46131E4C70CD578177C527B656D08586
                                                                                                                                                                                                                                                                    SHA-256:1EA245646A4B4386606F03C8A3916A3607E2ADBBC88F000976BE36DB410A1E39
                                                                                                                                                                                                                                                                    SHA-512:62507685D5542CFCD394080917B3A92CA197112FEEA9C2DDC1DFC77382A174C7DDF758D85AF66CD322692215CB0402865B2A2B212694A36DA6B592028CAAFCDF
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):409695
                                                                                                                                                                                                                                                                    Entropy (8bit):5.417085582145732
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:12288:bgoRVrijIs3cejEYBCqS4o3nbhjJSwHQliEwfwVEMXdLbpuQ16BtryBiGIle3nei:b3GQUwJAMNTCypxB5WMml
                                                                                                                                                                                                                                                                    MD5:4CD6B3A91669DDCFCC9EEF9B679AB65C
                                                                                                                                                                                                                                                                    SHA1:43C41CB00067DE68D24F72E0F5C77D3B50B71F83
                                                                                                                                                                                                                                                                    SHA-256:56EFFF228EE3E112357D6121B2256A2C3ACD718769C89413DE82C9D4305459C6
                                                                                                                                                                                                                                                                    SHA-512:699BE9962D8AAE241ABD1D1F35CD8468FFBD6157BCD6BDF2C599D902768351B247BAAD6145B9826D87271FD4A19744EB11BF7065DB7FEFB01D66D2F1F39015A9
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):419829
                                                                                                                                                                                                                                                                    Entropy (8bit):5.845882900283008
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:6144:RquUIAMYOnQYeAIV4g558YwGKNDsku8Qy:Rq/IA5On504g558YwbNDsC
                                                                                                                                                                                                                                                                    MD5:EEEE212072EA6589660C9EB216855318
                                                                                                                                                                                                                                                                    SHA1:D50F9E6CA528725CED8AC186072174B99B48EA05
                                                                                                                                                                                                                                                                    SHA-256:DE92F14480770401E39E22DCF3DD36DE5AD3ED22E44584C31C37CD99E71C4A43
                                                                                                                                                                                                                                                                    SHA-512:EA068186A2E611FB98B9580F2C5BA6FD1F31B532E021EF9669E068150C27DEEE3D60FD9FF7567B9EB5D0F98926B24DEFABC9B64675B49E02A6F10E71BB714AC8
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):380107
                                                                                                                                                                                                                                                                    Entropy (8bit):5.46366244634788
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:6144:czP4qlrn8+ua0swlGVJJwoXlw5CvET5VTrBGzO7iJyd4tTWwT:dqlr89JklwH55rETL
                                                                                                                                                                                                                                                                    MD5:E7BA94C827C2B04E925A76CB5BDD262C
                                                                                                                                                                                                                                                                    SHA1:ABBA6C7FCEC8B6C396A6374331993C8502C80F91
                                                                                                                                                                                                                                                                    SHA-256:D8DA7AB28992C8299484BC116641E19B448C20ADF6A8B187383E2DBA5CD29A0B
                                                                                                                                                                                                                                                                    SHA-512:1F44FCE789CF41FD62F4D387B7B8C9D80F1E391EDD2C8C901714DD0A6E3AF32266E9D3C915C15AD47C95ECE4C7D627AA7339F33EEA838D1AF9901E48EDB0187E
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):406584
                                                                                                                                                                                                                                                                    Entropy (8bit):5.519300999448185
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:6144:V3JEmQ1hqVK+6aU8WUmzg3ELWzhqY305QgfXlIsCJd:V5t6sKXaK/LWy5POsCJd
                                                                                                                                                                                                                                                                    MD5:CF22EC11A33BE744A61F7DE1A1E4514F
                                                                                                                                                                                                                                                                    SHA1:73E84848C6D9F1A2ABE62020EB8C6797E4C49B36
                                                                                                                                                                                                                                                                    SHA-256:7CC213E2C9A2D2E2E463083DD030B86DA6BBA545D5CEE4C04DF8F80F9A01A641
                                                                                                                                                                                                                                                                    SHA-512:C10C8446E3041D7C0195DA184A53CFBD58288C06EAF8885546D2D188B59667C270D647FA7259F5CE140EC6400031A7FC060D0F2348AB627485E2207569154495
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):729549
                                                                                                                                                                                                                                                                    Entropy (8bit):4.799528683257041
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:12288:AQbueXYquNw2202pgtZBAujt4NIbsJvaP5A3HRsgQiEYQ3C1gf2ns4CfFnx1Xu2v:B2quNw2202pgtHAujmNrJvaRA3HRsDik
                                                                                                                                                                                                                                                                    MD5:E66A75680F21CE281995F37099045714
                                                                                                                                                                                                                                                                    SHA1:D553E80658EE1EEA5B0912DB1ECC4E27B0ED4790
                                                                                                                                                                                                                                                                    SHA-256:21D1D273124648A435674C7877A98110D997CF6992469C431FE502BBCC02641F
                                                                                                                                                                                                                                                                    SHA-512:D3757529DD85EF7989D9D4CECF3F7D87C9EB4BEDA965D8E2C87EE23B8BAAEC3FDFF41FD53BA839215A37404B17B8FE2586B123557F09D201B13C7736C736B096
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):331921
                                                                                                                                                                                                                                                                    Entropy (8bit):5.529632303060999
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:6144:k6QL0f35ubiwMP9egutWbfaYX2YBB5HXSdBruC:6LduwMetW92M53SuC
                                                                                                                                                                                                                                                                    MD5:825ED4C70C942939FFB94E77A4593903
                                                                                                                                                                                                                                                                    SHA1:7A3FAEE9BF4C915B0F116CB90CEC961DDA770468
                                                                                                                                                                                                                                                                    SHA-256:E11E8DB78AE12F8D735632BA9FD078EC66C83529CB1FD86A31AB401F6F833C16
                                                                                                                                                                                                                                                                    SHA-512:41325BEC22AF2E5EF8E9B26C48F2DFC95763A249CCB00E608B7096EC6236AB9A955DE7E2340FD9379D09AC2234AEE69AED2A24FE49382FFD48742D72A929C56A
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):334693
                                                                                                                                                                                                                                                                    Entropy (8bit):5.521172766448584
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:6144:Mvneu710gxhmrunGeuMP9eczCPMfaYbg3In5N+Sqn8BcwS:Ml0gxvNuMbCPmgA5YSNcwS
                                                                                                                                                                                                                                                                    MD5:19D18F8181A4201D542C7195B1E9FF81
                                                                                                                                                                                                                                                                    SHA1:7DEBD3CF27BBE200C6A90B34ADACB7394CB5929C
                                                                                                                                                                                                                                                                    SHA-256:1D20E626444759C2B72AA6E998F14A032408D2B32F957C12EC3ABD52831338FB
                                                                                                                                                                                                                                                                    SHA-512:AF07E1B08BBF2DD032A5A51A88EE2923650955873753629A086CAD3B1600CE66CA7F9ED31B8CA901C126C10216877B24E123144BB0048F2A1E7757719AAE73F2
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):404903
                                                                                                                                                                                                                                                                    Entropy (8bit):5.392122812912978
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3072:75rkwZKG5KJo0ZyFPK9zj4rMY4rjyujd8pyPWncpwwfNEOv553l50GLFddhRIHKj:t1K2YZIK9BYgapFGl5dLFddA7Fcp
                                                                                                                                                                                                                                                                    MD5:7DA3E8AA47BA35D014E1D2A32982A5BB
                                                                                                                                                                                                                                                                    SHA1:8E35320B16305AD9F16CB0F4C881A89818CD75BB
                                                                                                                                                                                                                                                                    SHA-256:7F85673CF80D1E80ACFC94FB7568A8C63DE79A13A1BB6B9D825B7E9F338EF17C
                                                                                                                                                                                                                                                                    SHA-512:1FCA90888EB067972BCCF74DD5D09BB3FCE2CEB153589495088D5056ED4BDEDE15D54318AF013C2460F0E8B5B1A5C6484ADF0ED84F4B0B3C93130B086DA5C3BF
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):404348
                                                                                                                                                                                                                                                                    Entropy (8bit):5.362527979144936
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:6144:/Q0DA42b4XUx+SCHgfUcp9Ch48BKjbu5mrj7o2oxjm6PZqJ:YK2b40P9pchXgjbu5mrroNSJ
                                                                                                                                                                                                                                                                    MD5:04A9BA7316DC81766098E238A667DE87
                                                                                                                                                                                                                                                                    SHA1:24D7EB4388ECDFECADA59C6A791C754181D114DE
                                                                                                                                                                                                                                                                    SHA-256:7FA148369C64BC59C2832D617357879B095357FE970BAB9E0042175C9BA7CB03
                                                                                                                                                                                                                                                                    SHA-512:650856B6187DF41A50F9BED29681C19B4502DE6AF8177B47BAD0BF12E86A25E92AA728311310C28041A18E4D9F48EF66D5AD5D977B6662C44B49BFD1DA84522B
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):365447
                                                                                                                                                                                                                                                                    Entropy (8bit):5.471951090286899
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:6144:U/RGRpph+2n4x6i05L9H4h+JbT/R/WiMMn5bjN43qcLQ6PQX:8R6pHnpcmzn5bjh
                                                                                                                                                                                                                                                                    MD5:CCC71F88984A7788C8D01ADD2252D019
                                                                                                                                                                                                                                                                    SHA1:6A87752EAC3044792A93599428F31D25DEBEA369
                                                                                                                                                                                                                                                                    SHA-256:D69489A723B304E305CB1767E6C8DA5D5D1D237E50F6DDC76E941DCB01684944
                                                                                                                                                                                                                                                                    SHA-512:D35CCD639F2C199862E178A9FAB768D7DB10D5A654BC3BC1FAB45D00CEB35A01119A5B4D199E2DB3C3576F512B108F4A1DF7FAF6624D961C0FC4BCA5AF5F0E07
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):591476
                                                                                                                                                                                                                                                                    Entropy (8bit):5.080621083768775
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:12288:HniDys0XVX9nuyaXTfwIDwNUWGOGfStQvjy1feKtDmrwMTAKzIxRAQiHedNu36Xp:HneM3uyaXTfwewNUWGOGfStQvjy1feKn
                                                                                                                                                                                                                                                                    MD5:2E37FD4E23A1707A1ECCEA3264508DFF
                                                                                                                                                                                                                                                                    SHA1:E00E58ED06584B19B18E9D28B1D52DBFC36D70F3
                                                                                                                                                                                                                                                                    SHA-256:B9EE861E1BDECFFE6A197067905279EA77C180844A793F882C42F2B70541E25E
                                                                                                                                                                                                                                                                    SHA-512:7C467F434EB0CE8E4A851761AE9BD7A9E292AAB48E8E653E996F8CA598D0EB5E07EC34E2B23E544F3B38439DC3B8E3F7A0DFD6A8E28169AA95CEFF42BF534366
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):374471
                                                                                                                                                                                                                                                                    Entropy (8bit):5.4357475905490436
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:6144:sMeOXrZx5SkDbhCwx+sk/bOE/BanTLLE5lJucHcEJ18OWUczfSUWcX1wR2:snAr15wRBaA5lJxHcEJ18OWUII2
                                                                                                                                                                                                                                                                    MD5:21E534869B90411B4F9EA9120FFB71C8
                                                                                                                                                                                                                                                                    SHA1:CC91FFBD19157189E44172392B2752C5F73984C5
                                                                                                                                                                                                                                                                    SHA-256:2D337924139FFE77804D2742EDA8E58D4E548E65349F827840368E43D567810B
                                                                                                                                                                                                                                                                    SHA-512:3CA3C0ADAF743F92277452B7BD82DB4CF3F347DE5568A20379D8C9364FF122713BEFD547FBD3096505EC293AE6771ADA4CD3DADAC93CC686129B9E5AACF363BD
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):419886
                                                                                                                                                                                                                                                                    Entropy (8bit):5.213443304857257
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:6144:BnI+f5Qm2xaVyEDQftIK9bSNxeFXGvZ3Omy5GzmHYFAk1s8:C+f541e+b4xy5ym8
                                                                                                                                                                                                                                                                    MD5:D7DF2EA381F37D6C92E4F18290C6FFE0
                                                                                                                                                                                                                                                                    SHA1:7CACF08455AA7D68259FCBA647EE3D9AE4C7C5E4
                                                                                                                                                                                                                                                                    SHA-256:DB4A63FA0D5B2BABA71D4BA0923CAED540099DB6B1D024A0D48C3BE10C9EED5A
                                                                                                                                                                                                                                                                    SHA-512:96FC028455F1CEA067B3A3DD99D88A19A271144D73DFF352A3E08B57338E513500925787F33495CD744FE4122DFF2D2EE56E60932FC02E04FEED2EC1E0C3533F
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):436450
                                                                                                                                                                                                                                                                    Entropy (8bit):5.4004782148030905
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:12288:LKi1uIt6QuagV1ZzosmZ7MYnYV1S3Bb5MxlqE0wC5wZLljHnkH0oR5FEu64JGV7h:qVVQ515CF
                                                                                                                                                                                                                                                                    MD5:3EE48A860ECF45BAFA63C9284DFD63E2
                                                                                                                                                                                                                                                                    SHA1:1CB51D14964F4DCED8DEA883BF9C4B84A78F8EB6
                                                                                                                                                                                                                                                                    SHA-256:1923E0EDF1EF6935A4A718E3E2FC9A0A541EA0B4F3B27553802308F9FD4FC807
                                                                                                                                                                                                                                                                    SHA-512:EB6105FACA13C191FEF0C51C651A406B1DA66326BB5705615770135D834E58DEE9BED82AA36F2DFB0FE020E695C192C224EC76BB5C21A1C716E5F26DFE02F763
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):832533
                                                                                                                                                                                                                                                                    Entropy (8bit):4.370164270379204
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3072:RqlNvTn1Pdm06M0ITsKMaWZKerbtsMhmksd4Mqz2sQmB51jvjsWnhAgfZw/g/I/f:RuN7n1VQFLFwsL5cqhgrA8
                                                                                                                                                                                                                                                                    MD5:308619D65B677D99F48B74CCFE060567
                                                                                                                                                                                                                                                                    SHA1:9F834DF93FD48F4FB4CA30C4058E23288CF7D35E
                                                                                                                                                                                                                                                                    SHA-256:E40EE4F24839F9E20B48D057BF3216BC58542C2E27CB40B9D2F3F8A1EA5BFBB4
                                                                                                                                                                                                                                                                    SHA-512:3CA84AD71F00B9F7CC61F3906C51B263F18453FCE11EC6C7F9EDFE2C7D215E3550C336E892BD240A68A6815AF599CC20D60203294F14ADB133145CA01FE4608F
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):519468
                                                                                                                                                                                                                                                                    Entropy (8bit):4.6902065244805256
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:12288:iDIJk5rUp/mTLa2/ANNqOL607Af6XVjeQCapb1527oFpMbe54lmdADnwg5Qgx:7205KoM
                                                                                                                                                                                                                                                                    MD5:FC84EA7DC7B9408D1EEA11BEEB72B296
                                                                                                                                                                                                                                                                    SHA1:DE9118194952C2D9F614F8E0868FB273DDFAC255
                                                                                                                                                                                                                                                                    SHA-256:15951767DAFA7BDBEDAC803D842686820DE9C6DF478416F34C476209B19D2D8C
                                                                                                                                                                                                                                                                    SHA-512:49D13976DDDB6A58C6FDCD9588E243D705D99DC1325C1D9E411A1D68D8EE47314DFCB661D36E2C4963C249A1542F95715F658427810AFCABDF9253AA27EB3B24
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):868673
                                                                                                                                                                                                                                                                    Entropy (8bit):4.359937106090665
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3072:FugBVdK+X9c+XdfdkhSvf4QAEm5dmGrsUt3GR3GXO7NLdYnLsBPtv83ctKOf4z8d:cuVAsc+NZB5/5MNSD
                                                                                                                                                                                                                                                                    MD5:B5DFCE8E3BA0AEC2721CC1692B0AD698
                                                                                                                                                                                                                                                                    SHA1:C5D6FA21A9BA3D526F3E998E3F627AFB8D1EECF3
                                                                                                                                                                                                                                                                    SHA-256:B1C7FB6909C8A416B513D6DE21EEA0B5A6B13C7F0A94CABD0D9154B5834A5E8B
                                                                                                                                                                                                                                                                    SHA-512:FACF0A9B81AF6BB35D0FC5E69809D5C986A2C91A166E507784BDAD115644B96697FE504B8D70D9BBB06F0C558F746C085D37E385EEF41F0A1C29729D3D97980F
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):406671
                                                                                                                                                                                                                                                                    Entropy (8bit):5.521226257186607
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3072:z9mYpq0ZkIEZgVRTJ3MOS+WG0uPXbG4TT6WI6DkYAiKbeM/wXbnWNjdmvW0IEifp:zTEgNmW/5tE7IDjG
                                                                                                                                                                                                                                                                    MD5:255F808210DBF995446D10FF436E0946
                                                                                                                                                                                                                                                                    SHA1:1785D3293595F0B13648FB28AEC6936C48EA3111
                                                                                                                                                                                                                                                                    SHA-256:4DF972B7F6D81AA7BDC39E2441310A37F746AE5015146B4E434A878D1244375B
                                                                                                                                                                                                                                                                    SHA-512:8B1A4D487B0782055717B718D58CD21E815B874E2686CDFD2087876B70AE75F9182F783C70BF747CF4CA17A3AFC68517A9DB4C99449FA09BEF658B5E68087F2A
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):437458
                                                                                                                                                                                                                                                                    Entropy (8bit):5.655020135928055
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:6144:wxEAuskhSSfm4Cky1tV5z8iZfGRzEY63aQSam7gXOeeeQi5gR7azQtGV52n5ydpS:wxLaj6V5z850+7BwQi5Rn6Z
                                                                                                                                                                                                                                                                    MD5:2AA0A175DF21583A68176742400C6508
                                                                                                                                                                                                                                                                    SHA1:3C25BA31C2B698E0C88E7D01B2CC241F0916E79A
                                                                                                                                                                                                                                                                    SHA-256:B59F932DF822AB1A87E8AAB4BBB7C549DB15899F259F4C50AE28F8D8C7CE1E72
                                                                                                                                                                                                                                                                    SHA-512:03A16FEB0601407E96BCB43AF9BDB21E5218C2700C9F3CFD5F9690D0B4528F9DC17E4CC690D8C9132D4E0B26D7FAAFD90AA3F5E57237E06FB81AAB7AB77F6C03
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):359190
                                                                                                                                                                                                                                                                    Entropy (8bit):5.384547702191974
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:6144:UINLZJl/dv1DR9S2fjDVnjHFfRmP2x1r856Rh1vtTtSLsEar:Nf7PDuAVnjHFpm+xh856RhP
                                                                                                                                                                                                                                                                    MD5:B6FCD5160A3A1AE1F65B0540347A13F2
                                                                                                                                                                                                                                                                    SHA1:4CF37346318EFB67908BBA7380DBAD30229C4D3D
                                                                                                                                                                                                                                                                    SHA-256:7FD715914E3B0CF2048D4429F3236E0660D5BD5E61623C8FEF9B8E474C2AC313
                                                                                                                                                                                                                                                                    SHA-512:A8B4A96E8F9A528B2DF3BD1251B72AB14FECCF491DD254A7C6ECBA831DFABA328ADB0FD0B4ACDDB89584F58F94B123E97CAA420F9D7B34131CC51BDBDBF3ED73
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):397402
                                                                                                                                                                                                                                                                    Entropy (8bit):5.301296912236702
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:6144:n9BKi2azctogSrqRrhsO11GT9TeLAG3XRU2gY7OfLwH+WcMgB8HryeuRNBPJX9SO:n9FTnzZY28+2vx+0e55zoI
                                                                                                                                                                                                                                                                    MD5:745F16CA860EE751F70517C299C4AB0E
                                                                                                                                                                                                                                                                    SHA1:54D933AD839C961DD63A47C92A5B935EEF208119
                                                                                                                                                                                                                                                                    SHA-256:10E65F42CE01BA19EBF4B074E8B2456213234482EADF443DFAD6105FAF6CDE4C
                                                                                                                                                                                                                                                                    SHA-512:238343D6C80B82AE900F5ABF4347E542C9EA016D75FB787B93E41E3C9C471AB33F6B4584387E5EE76950424E25486DD74B9901E7F72876960C0916C8B9CEE9A6
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):484003
                                                                                                                                                                                                                                                                    Entropy (8bit):5.752575429591325
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3072:fznG4qRo+yixrD1r04XURrRpZd2hy/NPNQPkwRI6dIKhUNH7bbeCsy5SWbaabF/G:fzGBRo+911WlRpZd2yNp6k5AYxVk
                                                                                                                                                                                                                                                                    MD5:38CD3EF9B7DFF9EFBBE086FA39541333
                                                                                                                                                                                                                                                                    SHA1:321EF69A298D2F9830C14140B0B3B0B50BD95CB0
                                                                                                                                                                                                                                                                    SHA-256:D8FAB5714DAFECB89B3E5FCE4C4D75D2B72893E685E148E9B60F7C096E5B3337
                                                                                                                                                                                                                                                                    SHA-512:40785871032B222A758F29E0C6EC696FBE0F6F5F3274CC80085961621BEC68D7E0FB47C764649C4DD0C27C6EE02460407775FAE9D3A2A8A59362D25A39266CE0
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):960888
                                                                                                                                                                                                                                                                    Entropy (8bit):4.2704203524429865
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:12288:P8nyRnHoS7yB/rt2o6i7u7b5frUb+7G+Vma:ti6X5jUA
                                                                                                                                                                                                                                                                    MD5:CAAB4DEB1C40507848F9610D849834CF
                                                                                                                                                                                                                                                                    SHA1:1BC87FF70817BA1E1FDD1B5CB961213418680CBE
                                                                                                                                                                                                                                                                    SHA-256:7A34483E6272F9B8881F0F5A725B477540166561C75B9E7AB627815D4BE1A8A4
                                                                                                                                                                                                                                                                    SHA-512:DC4B63E5A037479BB831B0771AEC0FE6EB016723BCD920B41AB87EF11505626632877073CE4E5E0755510FE19BA134A7B5899332ECEF854008B15639F915860C
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):407632
                                                                                                                                                                                                                                                                    Entropy (8bit):6.124197697056213
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:12288:Md9PhJeKVoCGet8Oh2J7klCqZ5T7BKI8LtCq7hUoqAX:Md91UJc5184AX
                                                                                                                                                                                                                                                                    MD5:D6194FC52E962534B360558061DE2A25
                                                                                                                                                                                                                                                                    SHA1:98ED833F8C4BEAC685E55317C452249579610FF8
                                                                                                                                                                                                                                                                    SHA-256:1A5884BD6665B2F404B7328DE013522EE7C41130E57A53038FC991EC38290D21
                                                                                                                                                                                                                                                                    SHA-512:5207A07426C6CEB78F0504613B6D2B8DADF9F31378E67A61091F16D72287ADBC7768D1B7F2A923369197E732426D15A872C091CF88680686581D48A7F94988AB
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):439793
                                                                                                                                                                                                                                                                    Entropy (8bit):5.6365541871793114
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:6144:zXtEPi5jFX4VU4EzsnHIOBoU+1Qi7t5GkzvLdyaj+teJvxY2I96Su:CEmguHLBoUnU5TzvLWeJJG6Su
                                                                                                                                                                                                                                                                    MD5:64B08FFC40A605FE74ECC24C3024EE3B
                                                                                                                                                                                                                                                                    SHA1:516296E8A3114DDBF77601A11FAF4326A47975AB
                                                                                                                                                                                                                                                                    SHA-256:8A5D6E29833374E0F74FD7070C1B20856CB6B42ED30D18A5F17E6C2E4A8D783E
                                                                                                                                                                                                                                                                    SHA-512:05D207413186AC2B87A59681EFE4FDF9DC600D0F3E8327E7B9802A42306D80D0DDD9EE07D103B17CAF0518E42AB25B7CA9DA4713941ABC7BCED65961671164AC
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):437670
                                                                                                                                                                                                                                                                    Entropy (8bit):5.638618522703661
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:6144:TjewdtAe6tN4tVFHzmstt4Uoo3W3sb3F5hZanXnEv9AhraszLOAty6ls1V:RR/v4UVWwF5UEabns1V
                                                                                                                                                                                                                                                                    MD5:A8CBD741A764F40B16AFEA275F240E7E
                                                                                                                                                                                                                                                                    SHA1:317D30BBAD8FD0C30DE383998EA5BE4EEC0BB246
                                                                                                                                                                                                                                                                    SHA-256:A1A9D84FD3AF571A57BE8B1A9189D40B836808998E00EC9BD15557B83D0E3086
                                                                                                                                                                                                                                                                    SHA-512:3DA91C0CA20165445A2D283DB7DC749FCF73E049BFFF346B1D79B03391AEFC7F1310D3AC2C42109044CFB50AFCF178DCF3A34B4823626228E591F328DD7AFE95
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):998155
                                                                                                                                                                                                                                                                    Entropy (8bit):4.3110320925732095
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:12288:T6ALnHOE47/URV1BQMmWDcZubSAD7qcDs3eThx5D/7dZdO3cb:9Owoys3eT5D/79O3u
                                                                                                                                                                                                                                                                    MD5:1C81104AC2CBF7F7739AF62EB77D20D5
                                                                                                                                                                                                                                                                    SHA1:0F0D564F1860302F171356EA35B3A6306C051C10
                                                                                                                                                                                                                                                                    SHA-256:66005BC01175A4F6560D1E9768DBC72B46A4198F8E435250C8EBC232D2DAC108
                                                                                                                                                                                                                                                                    SHA-512:969294EAE8C95A1126803A35B8D3F1FC3C9D22350AA9CC76B2323B77AD7E84395D6D83B89DEB64565783405D6F7EAE40DEF7BDAF0D08DA67845AE9C7DBB26926
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):816652
                                                                                                                                                                                                                                                                    Entropy (8bit):4.350418506868822
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3072:ZE7bv9/9xAvtACKjxUp0djbOXspvibMFFPMUh3RQR3KB+5lx14/H4bmHwMaZ0t4k:ZE7b1fOACsxZjAEV6yZ00VbJ5JgezP5
                                                                                                                                                                                                                                                                    MD5:2CF9F07DDF7A3A70A48E8B524A5AED43
                                                                                                                                                                                                                                                                    SHA1:974C1A01F651092F78D2D20553C3462267DDF4E9
                                                                                                                                                                                                                                                                    SHA-256:23058C0F71D9E40F927775D980524D866F70322E0EF215AA5748C239707451E7
                                                                                                                                                                                                                                                                    SHA-512:0B21570DEEFA41DEFC3C25C57B3171635BCB5593761D48A8116888CE8BE34C1499FF79C7A3EBBE13B5A565C90027D294C6835E92E6254D582A86750640FE90F2
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):374453
                                                                                                                                                                                                                                                                    Entropy (8bit):5.272284824619555
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:6144:DZ/AO2kUDrt2MBrIxFQJulcul5WkS/PSOW5soNY3MMyvek:DZ/ApkUDrt2MOxSIl51kP05RYcMA
                                                                                                                                                                                                                                                                    MD5:AEE105366A1870B9D10F0F897E9295DB
                                                                                                                                                                                                                                                                    SHA1:EEE9D789A8EEAFE593CE77A7C554F92A26A2296F
                                                                                                                                                                                                                                                                    SHA-256:C6471AEE5F34F31477D57F593B09CB1DE87F5FD0F9B5E63D8BAB4986CF10D939
                                                                                                                                                                                                                                                                    SHA-512:240688A0054BFEBE36EA2B056194EE07E87BBBEB7E385131C73A64AA7967984610FCB80638DD883837014F9BC920037069D0655E3E92A5922F76813AEDB185FA
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):367614
                                                                                                                                                                                                                                                                    Entropy (8bit):5.435724855090923
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:6144:TAJxNH0uqnIhgFYMqOp7fwcbgtmX07Sgzuu5Dn4XYnOGrr:ExdfqnPFYMqOp7fwcwSgB5Dn4LGrr
                                                                                                                                                                                                                                                                    MD5:55D5AD4EACB12824CFCD89470664C856
                                                                                                                                                                                                                                                                    SHA1:F893C00D8D4FDB2F3E7A74A8BE823E5E8F0CD673
                                                                                                                                                                                                                                                                    SHA-256:4F44789A2C38EDC396A31ABA5CC09D20FB84CD1E06F70C49F0664289C33CD261
                                                                                                                                                                                                                                                                    SHA-512:555D87BE8C97F466C6B3E7B23EC0210335846398C33DBA71E926FF7E26901A3908DBB0F639C93DB2D090C9D8BDA48EDDF196B1A09794D0E396B2C02B4720F37E
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):379453
                                                                                                                                                                                                                                                                    Entropy (8bit):5.379227569652463
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:6144:KcJ9Smne7gqDO5EQHzpamU3D+qn7Cv5qPxOGpLMsLPW:Km9nCgqDO5ELrOv5qPxOGpLM+PW
                                                                                                                                                                                                                                                                    MD5:0F04BAC280035FAB018F634BCB5F53AE
                                                                                                                                                                                                                                                                    SHA1:4CAD76EAECD924B12013E98C3A0E99B192BE8936
                                                                                                                                                                                                                                                                    SHA-256:BE254BCDA4DBE167CB2E57402A4A0A814D591807C675302D2CE286013B40799B
                                                                                                                                                                                                                                                                    SHA-512:1256A6ACAC5A42621CB59EB3DA42DDEEACFE290F6AE4A92D00EBD4450A8B7CCB6F0CD5C21CF0F18FE4D43D0D7AEE87B6991FEF154908792930295A3871FA53DF
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):422325
                                                                                                                                                                                                                                                                    Entropy (8bit):5.774687126444438
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):399250
                                                                                                                                                                                                                                                                    Entropy (8bit):5.432001310431886
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):400379
                                                                                                                                                                                                                                                                    Entropy (8bit):5.412017917472705
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):412797
                                                                                                                                                                                                                                                                    Entropy (8bit):5.469387509353947
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):672991
                                                                                                                                                                                                                                                                    Entropy (8bit):4.887128747074479
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):426178
                                                                                                                                                                                                                                                                    Entropy (8bit):5.821396103086126
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):411437
                                                                                                                                                                                                                                                                    Entropy (8bit):5.49350335324308
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:6144:tnerKYjnS4fhmi0i2iiBnnbANjbnPMum4ocyxPbPD/yu0zrVftjQLc35BdFPcNpU:lEjnSn1iHd35vtcqO+i/fz50qg
                                                                                                                                                                                                                                                                    MD5:CA763E801DE642E4D68510900FF6FABB
                                                                                                                                                                                                                                                                    SHA1:C32A871831CE486514F621B3AB09387548EE1CFF
                                                                                                                                                                                                                                                                    SHA-256:340E0BABE5FDDBFDA601C747127251CF111DD7D79D0D6A5EC4E8443B835027DE
                                                                                                                                                                                                                                                                    SHA-512:E2847CE75DE57DEB05528DD9557047EDCD15D86BF40A911EB97E988A8FDBDA1CD0E0A81320EADF510C91C826499A897C770C007DE936927DF7A1CC82FA262039
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):630964
                                                                                                                                                                                                                                                                    Entropy (8bit):4.810757945626649
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:12288:H0JfhK5lIRIS151RHexYzs+DN5W9xTvvWF37sQ/k/k/i:y5V9dN5Oxjn
                                                                                                                                                                                                                                                                    MD5:C68C235D8E696C098CF66191E648196B
                                                                                                                                                                                                                                                                    SHA1:5C967FBBD90403A755D6C4B2411E359884DC8317
                                                                                                                                                                                                                                                                    SHA-256:AB96A18177AF90495E2E3C96292638A775AA75C1D210CA6A6C18FBC284CD815B
                                                                                                                                                                                                                                                                    SHA-512:34D14D8CB851DF1EA8CD3CC7E9690EAF965D8941CFCAC1C946606115AD889630156C5FF47011B27C1288F8DF70E8A7DC41909A9FA98D75B691742EC1D1A5E653
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):370331
                                                                                                                                                                                                                                                                    Entropy (8bit):5.550902354924257
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:6144:A3J7MHJrRRcAjowQx+ByxN6dn4bLXvu9M7SOVDE/xUDv6o5WI5ggbN:G7EHl9BdU5X5x
                                                                                                                                                                                                                                                                    MD5:272F8A8B517C7283EAB83BA6993EEA63
                                                                                                                                                                                                                                                                    SHA1:AD4175331B948BD4F1F323A4938863472D9B700C
                                                                                                                                                                                                                                                                    SHA-256:D15B46BC9B5E31449B11251DF19CD2BA4920C759BD6D4FA8CA93FD3361FDD968
                                                                                                                                                                                                                                                                    SHA-512:3A0930B7F228A779F727EBFB6AE8820AB5CC2C9E04C986BCE7B0F49F9BF124F349248ECDF108EDF8870F96B06D58DEA93A3E0E2F2DA90537632F2109E1AA65F0
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):388458
                                                                                                                                                                                                                                                                    Entropy (8bit):5.356168167447509
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:6144:24pV6wBz58kN6vhq//3UZFBIzDWs8ADjLKrYNguA/h5aS0DwV+ChZYeeq0e1k4H5:24bVd5B/3U/BLs8kMKguA/h5N1hZY+0u
                                                                                                                                                                                                                                                                    MD5:67A443A5C2EAAD32625EDB5F8DEB7852
                                                                                                                                                                                                                                                                    SHA1:A6137841E8E7736C5EDE1D0DC0CE3A44DC41013F
                                                                                                                                                                                                                                                                    SHA-256:41DFB772AE4C6F9E879BF7B4FA776B2877A2F8740FA747031B3D6F57F34D81DD
                                                                                                                                                                                                                                                                    SHA-512:E0FDFF1C3C834D8AF8634F43C2F16BA5B883A8D88DFD322593A13830047568FAF9F41D0BF73CD59E2E33C38FA58998D4702D2B0C21666717A86945D18B3F29E5
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):987188
                                                                                                                                                                                                                                                                    Entropy (8bit):4.090571010189695
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3072:S3YCY5ynH4ASpuCkCxSiP84Gb/v5nB7zztROcA2P:SnVUdQO84Gb/v55zztROcA2P
                                                                                                                                                                                                                                                                    MD5:18EC8FF3C0701A6A8C48F341D368BAB5
                                                                                                                                                                                                                                                                    SHA1:8BFF8AEE26B990CF739A29F83EFDF883817E59D8
                                                                                                                                                                                                                                                                    SHA-256:052BCDB64A80E504BB6552B97881526795B64E0AB7EE5FC031F3EDF87160DEE9
                                                                                                                                                                                                                                                                    SHA-512:A0E997FC9D316277DE3F4773388835C287AB1A35770C01E376FB7428FF87683A425F6A6A605D38DD7904CA39C50998CD85F855CB33AE6ABAD47AC85A1584FE4E
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):916416
                                                                                                                                                                                                                                                                    Entropy (8bit):4.338166638560127
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:12288:iy/yX8OsABW3p1F9SviTlwJAg5NFO1Tr/p54JAQvfEC28+58XoX0DTq9OyU+0Ak1:vu8OkDY5YMZb
                                                                                                                                                                                                                                                                    MD5:A17F16D7A038B0FA3A87D7B1B8095766
                                                                                                                                                                                                                                                                    SHA1:B2F845E52B32C513E6565248F91901AB6874E117
                                                                                                                                                                                                                                                                    SHA-256:D39716633228A5872630522306F89AF8585F8092779892087C3F1230D21A489E
                                                                                                                                                                                                                                                                    SHA-512:371FB44B20B8ABA00C4D6F17701FA4303181AD628F60C7B4218E33BE7026F118F619D66D679BFFCB0213C48700FAFD36B2E704499A362F715F63EA9A75D719E7
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):771431
                                                                                                                                                                                                                                                                    Entropy (8bit):4.388714549432334
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:12288:5ZY31Mkgs3s5UvfZLRflsjj8FCG1LDoAGkEeuLAD57Kle9d8nyj9FR3o09XAyFHa:57yU5K54
                                                                                                                                                                                                                                                                    MD5:A32BA63FEEED9B91F6D6800B51E5AEAE
                                                                                                                                                                                                                                                                    SHA1:2FBF6783996E8315A4FB94B7D859564350EE5918
                                                                                                                                                                                                                                                                    SHA-256:E32E37CA0AB30F1816FE6DF37E3168E1022F1D3737C94F5472AB6600D97A45F6
                                                                                                                                                                                                                                                                    SHA-512:ADEBDE0F929820D8368096A9C30961BA7B33815B0F124CA56CA05767BA6D081ADF964088CB2B9FCAA07F756B946FFFA701F0B64B07D457C99FD2B498CBD1E8A5
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):395016
                                                                                                                                                                                                                                                                    Entropy (8bit):5.625100269002306
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:6144:xxl+G2KPlJi+kKD80GlTgAI7WTge95j/0+Vi1havX9vwiBrVmI:rlt2IlrRn57m5j/1
                                                                                                                                                                                                                                                                    MD5:5FF2E5C95067A339E3D6B8985156EC1F
                                                                                                                                                                                                                                                                    SHA1:7525B25C7B07F54B63B6459A0D8C8C720BD8A398
                                                                                                                                                                                                                                                                    SHA-256:14A131BA318274CF10DE533A19776DB288F08A294CF7E564B7769FD41C7F2582
                                                                                                                                                                                                                                                                    SHA-512:2414386DF8D7AB75DCBD6CA2B9AE62BA8E953DDB8CD8661A9F984EB5E573637740C7A79050B2B303AF3D5B1D4D1BB21DC658283638718FDD04FC6E5891949D1B
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):673547
                                                                                                                                                                                                                                                                    Entropy (8bit):4.9167574403691825
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:12288:Yoff7plonpyOKtPXiNcnZx75kB3IjE8EmLvLNiXEJq//GW:YoffaXMd59E7
                                                                                                                                                                                                                                                                    MD5:361A0E1F665B9082A457D36209B92A25
                                                                                                                                                                                                                                                                    SHA1:3C89E1B70B51820BB6BAA64365C64DA6A9898E2F
                                                                                                                                                                                                                                                                    SHA-256:BD02966F6C6258B66EAE7FF014710925E53FE26E8254D7DB4E9147266025CC3A
                                                                                                                                                                                                                                                                    SHA-512:D4D25FC58053F8CCE4C073846706DC1ECBC0DC19308BA35501E19676F3E7ED855D7B57AE22A5637F81CEFC1AA032BF8770D0737DF1924F3504813349387C08CF
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):585532
                                                                                                                                                                                                                                                                    Entropy (8bit):5.197200392190567
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:12288:UA3OsGF8Pz0WEJytlkA+7Z5QzUExbW7DQQYrhu6co/9NjjFpvJK:UAe3A85oWB
                                                                                                                                                                                                                                                                    MD5:1CA4FA13BD0089D65DA7CD2376FEB4C6
                                                                                                                                                                                                                                                                    SHA1:B1BA777E635D78D1E98E43E82D0F7A3DD7E97F9C
                                                                                                                                                                                                                                                                    SHA-256:3941364D0278E2C4D686FAA4A135D16A457B4BC98C5A08E62AA12F3ADC09AA7F
                                                                                                                                                                                                                                                                    SHA-512:D0D9EB1AA029BD4C34953EE5F4B60C09CF1D4F0B21C061DB4EDE1B5EC65D7A07FC2F780ADE5CE51F2F781D272AC32257B95EEDF471F7295BA70B5BA51DB6C51D
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):466098
                                                                                                                                                                                                                                                                    Entropy (8bit):5.819101554769623
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:12288:3CwEs5kAfnzs0ACmwSxXwzIJWl+58Qagi7+URTJziV53f:3qOFfnzs0AHwSGz5A5rri7+UtliV53f
                                                                                                                                                                                                                                                                    MD5:DB0EB3183007DE5AAE10F934FFFACC59
                                                                                                                                                                                                                                                                    SHA1:E9EA7AEFFE2B3F5CF75AB78630DA342C6F8B7FD9
                                                                                                                                                                                                                                                                    SHA-256:DDABB225B671B989789E9C2CCD1B5A8F22141A7D9364D4E6EE9B8648305E7897
                                                                                                                                                                                                                                                                    SHA-512:703EFD12FCACE8172C873006161712DE1919572C58D98B11DE7834C5628444229F5143D231C41DA5B9CF729E32DE58DEE3603CB3D18C6CDD94AA9AA36FBF5DE0
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):340874
                                                                                                                                                                                                                                                                    Entropy (8bit):6.70707570391969
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:6144:fmLpS8IeOL27M807pnCKjEWkE0G5xNlEPeVplD:fmLQmK2I1nCKjEjG5xNlEPe
                                                                                                                                                                                                                                                                    MD5:82326E465E3015C64CA1DB77DC6A56BC
                                                                                                                                                                                                                                                                    SHA1:E8ABE12A8DD2CC741B9637FA8F0E646043BBFE3D
                                                                                                                                                                                                                                                                    SHA-256:6655FD9DCDFAF2ABF814FFB6C524D67495AED4D923A69924C65ABEAB30BC74FB
                                                                                                                                                                                                                                                                    SHA-512:4989789C0B2439666DDA4C4F959DFFC0DDCB77595B1F817C13A95ED97619C270151597160320B3F2327A7DAFFC8B521B68878F9E5E5FB3870EB0C43619060407
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):338121
                                                                                                                                                                                                                                                                    Entropy (8bit):6.721086394879431
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:6144:zQmZEIQee2hZuwv+2440f5lHz8wMCM/9ylTN:cvIpn+2440f5lHzgT/C
                                                                                                                                                                                                                                                                    MD5:2456BF42275F15E016689DA166DF9008
                                                                                                                                                                                                                                                                    SHA1:70F7DE47E585DFEA3F5597B5BBA1F436510DECD7
                                                                                                                                                                                                                                                                    SHA-256:ADF8DF051B55507E5A79FA47AE88C7F38707D02DFAC0CC4A3A7E8E17B58C6479
                                                                                                                                                                                                                                                                    SHA-512:7E622AFA15C70785AAF7C19604D281EFE0984F621D6599058C97C19D3C0379B2EE2E03B3A7EC597040A4EEE250A782D7EC55C335274DD7DB7C7CA97DDCFD378A
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):5430320
                                                                                                                                                                                                                                                                    Entropy (8bit):7.995406820581218
                                                                                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                                                                                    SSDEEP:98304:/Zgm9tHEEIcjWbEvKfwa2sEJFz993CNh1QeHQF5qrwrw5z0uxRRrY2kuDYj9ds:RgAtkEx4EKfatyNhHwFkkrw5IcRRtkFs
                                                                                                                                                                                                                                                                    MD5:7971A016AED2FB453C87EB1B8E3F5EB2
                                                                                                                                                                                                                                                                    SHA1:92B91E352BE8209FADCF081134334DEA147E23B8
                                                                                                                                                                                                                                                                    SHA-256:9CFD5D29CDE3DE2F042E5E1DA629743A7C95C1211E1B0B001E4EEBC0F0741E06
                                                                                                                                                                                                                                                                    SHA-512:42082AC0C033655F2EDAE876425A320D96CDAEE6423B85449032C63FC0F7D30914AA3531E65428451C07912265B85F5FEE2ED0BBDB362994D3A1FA7B14186013
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):33320957
                                                                                                                                                                                                                                                                    Entropy (8bit):6.361797611132365
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:196608:0K0V3rXjcovQ07qq+EDu2g1G5psKI4ne1Jpgjrnqd3cCUeo88H88D888HjtkEyBz:ErXoovhW/EDBeKIYeZ+ud+
                                                                                                                                                                                                                                                                    MD5:6D513BC85BE867C001A77D1DC2913952
                                                                                                                                                                                                                                                                    SHA1:BF910AABE8A750C0B34AED134E27ACBCC65A35F5
                                                                                                                                                                                                                                                                    SHA-256:147B789ED9537EE80A7F73199DEFFEAC3F0546B6DC6722A92D8AB812C67F1247
                                                                                                                                                                                                                                                                    SHA-512:6AF7FAF800B6D5077C3E4D5182C245E6C0D79A22414C90A2A11CE09EAAB4119219B600F13CBFFF09A7E598CA196A1305AE99D3CC4FAC321222EB8A486A8508D2
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:....P...L...H...{"files":{"196b109f79670e11.js":{"size":2279873,"integrity":{"algorithm":"SHA256","hash":"1f74cfb89a99c40fc17fa85ba2f1db584e64dabd5ae85fc228cf60857741a2f5","blockSize":4194304,"blocks":["1f74cfb89a99c40fc17fa85ba2f1db584e64dabd5ae85fc228cf60857741a2f5"]},"offset":"0"},"package.json":{"size":576,"integrity":{"algorithm":"SHA256","hash":"bd12377370f62b5bf16e03766b69ac68c21c799713dd71c5ef612e45a1393693","blockSize":4194304,"blocks":["bd12377370f62b5bf16e03766b69ac68c21c799713dd71c5ef612e45a1393693"]},"offset":"2279873"},"node_modules":{"files":{"@isaacs":{"files":{"cliui":{"files":{"LICENSE.txt":{"size":731,"integrity":{"algorithm":"SHA256","hash":"2dc0465729366c3a7890dfa9e972a1ba7048a26c02116fb8b419a6a1ac110149","blockSize":4194304,"blocks":["2dc0465729366c3a7890dfa9e972a1ba7048a26c02116fb8b419a6a1ac110149"]},"offset":"7988439"},"index.mjs":{"size":299,"integrity":{"algorithm":"SHA256","hash":"b75d22297e1bd8992f86218f1749435d05921d2d765697e46a43f680b2edc859","blockSize":4
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):107520
                                                                                                                                                                                                                                                                    Entropy (8bit):6.442687067441468
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l
                                                                                                                                                                                                                                                                    MD5:792B92C8AD13C46F27C7CED0810694DF
                                                                                                                                                                                                                                                                    SHA1:D8D449B92DE20A57DF722DF46435BA4553ECC802
                                                                                                                                                                                                                                                                    SHA-256:9B1FBF0C11C520AE714AF8AA9AF12CFD48503EEDECD7398D8992EE94D1B4DC37
                                                                                                                                                                                                                                                                    SHA-512:6C247254DC18ED81213A978CCE2E321D6692848C64307097D2C43432A42F4F4F6D3CF22FB92610DFA8B7B16A5F1D94E9017CF64F88F2D08E79C0FE71A9121E40
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......B..O..............h.......j.q.....k.....e......e......e.......zR........._...h......h.f.............h......Rich....................PE..L......W............................l........0....@.......................................@....................................P.......x.......................T.......p...............................@............0..$............................text............................... ..`.rdata...k...0...l..................@..@.data...............................@....gfids..............................@..@.rsrc...x...........................@..@.reloc..T...........................@..B........................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):162352
                                                                                                                                                                                                                                                                    Entropy (8bit):4.860588090157433
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:1536:uebVb91USSzM+uCPNgswpzHD41OzB965pUB8/DR9BgyLMRPoq/rX4JHj/kMKE0YC:uTgsED41OV965LXMj4zF2Xl9B
                                                                                                                                                                                                                                                                    MD5:8FEF5A96DBCC46887C3FF392CBDB1B48
                                                                                                                                                                                                                                                                    SHA1:ED592D75222B7828B7B7AAB97B83516F60772351
                                                                                                                                                                                                                                                                    SHA-256:4DE0F720C416776423ADD7ADA621DA95D0D188D574F08E36E822AD10D85C3ECE
                                                                                                                                                                                                                                                                    SHA-512:E52C7820C69863ECC1E3B552B7F20DA2AD5492B52CAC97502152EBFF45E7A45B00E6925679FD7477CDC79C68B081D6572EEED7AED773416D42C9200ACCC7230E
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:.........4D11.0.226.20-electron.0...........................................6.. ...`.......06..a........a........a........ar.......a........a..............a.D.q..........`$.........D.u..........`$.......D.y..........`$.......u.D.}..........`$.........D............`D.........D............`$.......=.D............`$.......D............`$.......D............`$.........D............`$.......D............`$......ID............`$.......D............`$.......D............`$....(Jb....D.....@..F^.!..%.`.....(Jb....H.....@..F^..`.....H...IDa........D`....D`....D`.......`.....D]...D....D`......VIa...........VIa...........VIa...........VIa...........VIa...........VIa...........VIa...........VIa...........VIa...........VIa...........VIa...........VIa...........VIa...........VIa...........VIa...........VIa...........VIa............L.........................................................................................................................................................................
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):476792
                                                                                                                                                                                                                                                                    Entropy (8bit):5.595608653079527
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3072:qqgtKzy7vqUSMd+5ZTR4ymbsLIniZiYIU+gTh3WOdvmttow2LyZDvooPmdZwmNgi:lgEzy2NTROsLftIU+gTQ4E2ro+dOmp
                                                                                                                                                                                                                                                                    MD5:A373D83D4C43BA957693AD57172A251B
                                                                                                                                                                                                                                                                    SHA1:8E0FDB714DF2F4CB058BEB46C06AA78F77E5FF86
                                                                                                                                                                                                                                                                    SHA-256:43B58CA4057CF75063D3B4A8E67AA9780D9A81D3A21F13C64B498BE8B3BA6E0C
                                                                                                                                                                                                                                                                    SHA-512:07FBD84DC3E0EC1536CCB54D5799D5ED61B962251ECE0D48E18B20B0FC9DD92DE06E93957F3EFC7D9BED88DB7794FE4F2BEC1E9B081825E41C6AC3B4F41EAB18
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:.........K..11.0.226.20-electron.0..............................................`....f..8...........h...a........a........aT.......ar.......a........a..............a.D.q..........`$.........D.u..........`$.......D.y..........`$.......u.D.}..........`$.........D............`D.........D............`$.......=.D............`$.......D............`$.......D............`$.........D............`$.......D............`$......ID............`$.......D............`$.......D............`$....(Jb....D.....@..F^.!..%.`.....(Jb....H.....@..F^..`.....H...IDa........D`....D`....D`.......`.....D]...D....D`......VIa...........VIa...........VIa...........VIa...........VIa...........VIa...........VIa...........VIa...........VIa...........VIa...........VIa...........VIa...........VIa...........VIa...........VIa...........VIa...........VIa............L.................................................................................................................................................................
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):5209088
                                                                                                                                                                                                                                                                    Entropy (8bit):6.329767466271418
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:49152:tG7ixZvPbWjIXTFy1RYQZHJvuZBiDTwgvsrt5/PXd0kpmaN+WUf4CvB25zT7RCAq:c7iDPqjvzO1Lhgf49zT7grg4
                                                                                                                                                                                                                                                                    MD5:A0845E0774702DA9550222AB1B4FDED7
                                                                                                                                                                                                                                                                    SHA1:65D5BD6C64090F0774FD0A4C9B215A868B48E19B
                                                                                                                                                                                                                                                                    SHA-256:6150A413EBE00F92F38737BDCCF493D19921EF6329FCD48E53DE9DBDE4780810
                                                                                                                                                                                                                                                                    SHA-512:4BE0CB1E3C942A1695BAE7B45D21C5F70E407132ECC65EFB5B085A50CDAB3C33C26E90BD7C86198EC40FB2B18D026474B6C649776A3CA2CA5BFF6F922DE2319B
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):106
                                                                                                                                                                                                                                                                    Entropy (8bit):4.724752649036734
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:YD96WyV18tzsmyXLVi1rTVWSCwW2TJHzeZ18rY:Y8WyV18tAZLVmCwXFiZ18rY
                                                                                                                                                                                                                                                                    MD5:8642DD3A87E2DE6E991FAE08458E302B
                                                                                                                                                                                                                                                                    SHA1:9C06735C31CEC00600FD763A92F8112D085BD12A
                                                                                                                                                                                                                                                                    SHA-256:32D83FF113FEF532A9F97E0D2831F8656628AB1C99E9060F0332B1532839AFD9
                                                                                                                                                                                                                                                                    SHA-512:F5D37D1B45B006161E4CEFEEBBA1E33AF879A3A51D16EE3FF8C3968C0C36BBAFAE379BF9124C13310B77774C9CBB4FA53114E83F5B48B5314132736E5BB4496F
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:{"file_format_version": "1.0.0", "ICD": {"library_path": ".\\vk_swiftshader.dll", "api_version": "1.0.5"}}
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):920576
                                                                                                                                                                                                                                                                    Entropy (8bit):6.556557427650666
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:24576:PR9nl1crwjLAQw6Z5WUDYsH56g3P0zAk7:PR1l1culw6Z5WUDYsH56g3P0zAk7
                                                                                                                                                                                                                                                                    MD5:0E4E0F481B261EA59F196E5076025F77
                                                                                                                                                                                                                                                                    SHA1:C73C1F33B5B42E9D67D819226DB69E60D2262D7B
                                                                                                                                                                                                                                                                    SHA-256:F681844896C084D2140AC210A974D8DB099138FE75EDB4DF80E233D4B287196A
                                                                                                                                                                                                                                                                    SHA-512:E6127D778EC73ACBEB182D42E5CF36C8DA76448FBDAB49971DE88EC4EB13CE63140A2A83FC3A1B116E41F87508FF546C0D7C042B8F4CDD9E07963801F3156BA2
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):9216
                                                                                                                                                                                                                                                                    Entropy (8bit):5.5347224014600345
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:192:5lkE3uqRI1y7/xcfK4PRef6gQzJyY1rpKlVrw:5lkMBI1y7UKcef6XzJrpKY
                                                                                                                                                                                                                                                                    MD5:17309E33B596BA3A5693B4D3E85CF8D7
                                                                                                                                                                                                                                                                    SHA1:7D361836CF53DF42021C7F2B148AEC9458818C01
                                                                                                                                                                                                                                                                    SHA-256:996A259E53CA18B89EC36D038C40148957C978C0FD600A268497D4C92F882A93
                                                                                                                                                                                                                                                                    SHA-512:1ABAC3CE4F2D5E4A635162E16CF9125E059BA1539F70086C2D71CD00D41A6E2A54D468E6F37792E55A822D7082FB388B8DFECC79B59226BBB047B7D28D44D298
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):102400
                                                                                                                                                                                                                                                                    Entropy (8bit):6.729923587623207
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
                                                                                                                                                                                                                                                                    MD5:C6A6E03F77C313B267498515488C5740
                                                                                                                                                                                                                                                                    SHA1:3D49FC2784B9450962ED6B82B46E9C3C957D7C15
                                                                                                                                                                                                                                                                    SHA-256:B72E9013A6204E9F01076DC38DABBF30870D44DFC66962ADBF73619D4331601E
                                                                                                                                                                                                                                                                    SHA-512:9870C5879F7B72836805088079AD5BBAFCB59FC3D9127F2160D4EC3D6E88D3CC8EBE5A9F5D20A4720FE6407C1336EF10F33B2B9621BC587E930D4CBACF337803
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):12288
                                                                                                                                                                                                                                                                    Entropy (8bit):5.719859767584478
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
                                                                                                                                                                                                                                                                    MD5:0D7AD4F45DC6F5AA87F606D0331C6901
                                                                                                                                                                                                                                                                    SHA1:48DF0911F0484CBE2A8CDD5362140B63C41EE457
                                                                                                                                                                                                                                                                    SHA-256:3EB38AE99653A7DBC724132EE240F6E5C4AF4BFE7C01D31D23FAF373F9F2EACA
                                                                                                                                                                                                                                                                    SHA-512:C07DE7308CB54205E8BD703001A7FE4FD7796C9AC1B4BB330C77C872BF712B093645F40B80CE7127531FE6746A5B66E18EA073AB6A644934ABED9BB64126FEA9
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:7-zip archive data, version 0.4
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):79260688
                                                                                                                                                                                                                                                                    Entropy (8bit):7.999994745298454
                                                                                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                                                                                    SSDEEP:1572864:B4opqebwv/Ubzv9xFJgHaXOTqPLk8rDbDkkagQkpIEtrI+4IH751iPZR:BHlbq/UHzFJsNH8nkkagQfWrRd11UZR
                                                                                                                                                                                                                                                                    MD5:88AEA4DA9E9BA9EF087412E76CFAE3F4
                                                                                                                                                                                                                                                                    SHA1:C16733FE7A49CAD6EAEDAE4E1B56D386AA68347E
                                                                                                                                                                                                                                                                    SHA-256:28782E4DE27281363B792C9141DC094F09A20B7249DC52A54BBF95D10C468273
                                                                                                                                                                                                                                                                    SHA-512:2E7537C41B9F38709776A5959E6209C7D7B13F81644E7640AEE4582D980AFC68C73F08F55CC125C40B71ECC2D9D188728754B0BAF2B77B83BF1B6C96271D6162
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):6656
                                                                                                                                                                                                                                                                    Entropy (8bit):5.155286976455086
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:96:YjHFiKaoggCtJzTlKXb0tbo68qD853Ns7GgmkNq3m+s:JbogRtJzTlNR8qD85uGgmkNr
                                                                                                                                                                                                                                                                    MD5:EC0504E6B8A11D5AAD43B296BEEB84B2
                                                                                                                                                                                                                                                                    SHA1:91B5CE085130C8C7194D66B2439EC9E1C206497C
                                                                                                                                                                                                                                                                    SHA-256:5D9CEB1CE5F35AEA5F9E5A0C0EDEEEC04DFEFE0C77890C80C70E98209B58B962
                                                                                                                                                                                                                                                                    SHA-512:3F918F1B47E8A919CBE51EB17DC30ACC8CFC18E743A1BAE5B787D0DB7D26038DC1210BE98BF5BA3BE8D6ED896DBBD7AC3D13E66454A98B2A38C7E69DAD30BB57
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):434176
                                                                                                                                                                                                                                                                    Entropy (8bit):6.584811966667578
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:6144:aUWQQ5O3fz0NG3ucDaEUTWfk+ZA0NrCL/k+uyoyBOX1okfW7w+Pfzqibckl:an5QEG39fPAkrE4yrBOXDfaNbck
                                                                                                                                                                                                                                                                    MD5:80E44CE4895304C6A3A831310FBF8CD0
                                                                                                                                                                                                                                                                    SHA1:36BD49AE21C460BE5753A904B4501F1ABCA53508
                                                                                                                                                                                                                                                                    SHA-256:B393F05E8FF919EF071181050E1873C9A776E1A0AE8329AEFFF7007D0CADF592
                                                                                                                                                                                                                                                                    SHA-512:C8BA7B1F9113EAD23E993E74A48C4427AE3562C1F6D9910B2BBE6806C9107CF7D94BC7D204613E4743D0CD869E00DAFD4FB54AAD1E8ADB69C553F3B9E5BC64DF
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe
                                                                                                                                                                                                                                                                    File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):304
                                                                                                                                                                                                                                                                    Entropy (8bit):3.3248014991837365
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:vhjPM8tl/as4K5jPM8tl/9lojm9PM8tl/3EWVArn3tU8tl/XXvK4KV3tU8tl/9li:5jHgS5jHi0HO0WxR/cVxSmIc4WSB8lC
                                                                                                                                                                                                                                                                    MD5:70D3351A284D68DF9156FB6B43AF63F2
                                                                                                                                                                                                                                                                    SHA1:D94FE64C3F4A89D7E0079C40CC138516D6295772
                                                                                                                                                                                                                                                                    SHA-256:50963C4E5CB89DA96A642CD002FA1CB4A71382646ED96B50F2584E1FD810AC7F
                                                                                                                                                                                                                                                                    SHA-512:659E79DA802ED1918263BBF9EB50C9981A102563E3225A1C9B9B0E949B8C0C34E356B77823B4BCFD2AF472EED2792BE7C260505E275E8AA1A0EB4BD7262CFC0E
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:PK...........Y................Autofill/PK...........Y................Cookies/PK...........Y................Passwords/PK.............Y.........................A....Autofill/PK.............Y.........................A'...Cookies/PK.............Y.........................AM...Passwords/PK..............u.....
                                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe
                                                                                                                                                                                                                                                                    File Type:Zip archive data (empty)
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):22
                                                                                                                                                                                                                                                                    Entropy (8bit):1.0476747992754052
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:3:pjt/l:Nt
                                                                                                                                                                                                                                                                    MD5:76CDB2BAD9582D23C1F6F4D868218D6C
                                                                                                                                                                                                                                                                    SHA1:B04F3EE8F5E43FA3B162981B50BB72FE1ACABB33
                                                                                                                                                                                                                                                                    SHA-256:8739C76E681F900923B900C9DF0EF75CF421D39CABB54650C4B9AD19B6A76D85
                                                                                                                                                                                                                                                                    SHA-512:5E2F959F36B66DF0580A94F384C5FC1CEEEC4B2A3925F062D7B68F21758B86581AC2ADCFDDE73A171A28496E758EF1B23CA4951C05455CDAE9357CC3B5A5825F
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:PK....................
                                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe
                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):389
                                                                                                                                                                                                                                                                    Entropy (8bit):5.650986727154189
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:12:YKWSg99rrt+yeVJRSrninkDJrp5Qm8dII3:YKWfrrtR4JvkX5QxdII3
                                                                                                                                                                                                                                                                    MD5:7D6D64DE81FDBDEBD7BF3C16DF6A2692
                                                                                                                                                                                                                                                                    SHA1:2B8CB6C1615755610CCF01F8F7C78E3E0DADDCE2
                                                                                                                                                                                                                                                                    SHA-256:F8BB1001AE635209DFBE5A5EC79336246C85A1BECD988E2EBD711FF007D65752
                                                                                                                                                                                                                                                                    SHA-512:6C87B781DCE6C4180A00DA3915467DB87157E599F6A2B954769446D215C649EC68962F9C0C776C677B187F2E2D8D8C56066568E9F5EB002C8F418F479EADF7FF
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:{"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADacuojRefESJioRTg6FSjaAAAAAAIAAAAAABBmAAAAAQAAIAAAAJ3Og4IM87n3YD1xB4zDXmaLpFae3HuvtJGdGL3FQ6geAAAAAA6AAAAAAgAAIAAAAB5lJ3lga31/TA79phOa/76rwNrHrz2viLYLtsqUBH79MAAAAHVS0kHzmOqBLSMiouhSPi40fGQ6bUAsctQP/Cf488uibonzsYHevx3xKCkRLSH9iEAAAACJxxencF58kzuMFnwkGjrWRTCNr7azt25KsJN19t+KOmHa1chc9sDDlnhFlzSxMEaj1w5PJ5mO61C+mv9iJo9s"}}
                                                                                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe
                                                                                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                                                    Size (bytes):389
                                                                                                                                                                                                                                                                    Entropy (8bit):5.650986727154189
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:12:YKWSg99rrt+yeVJRSrninkDJrp5Qm8dII3:YKWfrrtR4JvkX5QxdII3
                                                                                                                                                                                                                                                                    MD5:7D6D64DE81FDBDEBD7BF3C16DF6A2692
                                                                                                                                                                                                                                                                    SHA1:2B8CB6C1615755610CCF01F8F7C78E3E0DADDCE2
                                                                                                                                                                                                                                                                    SHA-256:F8BB1001AE635209DFBE5A5EC79336246C85A1BECD988E2EBD711FF007D65752
                                                                                                                                                                                                                                                                    SHA-512:6C87B781DCE6C4180A00DA3915467DB87157E599F6A2B954769446D215C649EC68962F9C0C776C677B187F2E2D8D8C56066568E9F5EB002C8F418F479EADF7FF
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:{"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADacuojRefESJioRTg6FSjaAAAAAAIAAAAAABBmAAAAAQAAIAAAAJ3Og4IM87n3YD1xB4zDXmaLpFae3HuvtJGdGL3FQ6geAAAAAA6AAAAAAgAAIAAAAB5lJ3lga31/TA79phOa/76rwNrHrz2viLYLtsqUBH79MAAAAHVS0kHzmOqBLSMiouhSPi40fGQ6bUAsctQP/Cf488uibonzsYHevx3xKCkRLSH9iEAAAACJxxencF58kzuMFnwkGjrWRTCNr7azt25KsJN19t+KOmHa1chc9sDDlnhFlzSxMEaj1w5PJ5mO61C+mv9iJo9s"}}
                                                                                                                                                                                                                                                                    Process:C:\Program Files\Windows Defender\MpCmdRun.exe
                                                                                                                                                                                                                                                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                                    Category:modified
                                                                                                                                                                                                                                                                    Size (bytes):4926
                                                                                                                                                                                                                                                                    Entropy (8bit):3.2391519016385746
                                                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                                                    SSDEEP:48:FaqdF79/0+AAHdKoqKFxcxkF3/waqdF7w+AAHdKoqKFxcxkFQ:cEi+AAsoJjykzEw+AAsoJjykm
                                                                                                                                                                                                                                                                    MD5:FEE3E6293C13A3EBFE5464BABD011F3E
                                                                                                                                                                                                                                                                    SHA1:CD519FAD8862EB20DDC739FCDA4D5D591D24978D
                                                                                                                                                                                                                                                                    SHA-256:FCA6BDC826DEEE57E92CF202581E006D51DD05657CC136E57D8D5B12A1D6D93E
                                                                                                                                                                                                                                                                    SHA-512:A844263F464F8161F7030418A1524B62BCE0A00A8CE99455C06A6BB38E416BEBC98E233D3AE03AA070E7CF21701B90B6939DE25F2037333CC3DCC857D484C798
                                                                                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                                                                                    Reputation:unknown
                                                                                                                                                                                                                                                                    Preview:..........-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.....M.p.C.m.d.R.u.n.:. .C.o.m.m.a.n.d. .L.i.n.e.:. .".C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.\.m.p.c.m.d.r.u.n...e.x.e.". .-.w.d.e.n.a.b.l.e..... .S.t.a.r.t. .T.i.m.e.:. .. W.e.d. .. O.c.t. .. 0.4. .. 2.0.2.3. .1.2.:.0.3.:.4.2.........M.p.E.n.s.u.r.e.P.r.o.c.e.s.s.M.i.t.i.g.a.t.i.o.n.P.o.l.i.c.y.:. .h.r. .=. .0.x.1.....W.D.E.n.a.b.l.e.....*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*. .W.S.C. .S.t.a.t.e. .I.n.f.o. .*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.....*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*. .A.n.t.i.V.i.r.u.s.P.r.o.d.u.c.t. .*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.....d.i.s.p.l.a.y.N.a.m.e. .=. .[.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.].....p.a.t.h.T.o.S.i.g.n.e.d.P.r.o.d.u.c.t.E.x.e. .=. .[.w.i.n.d.o.w.s.d.
                                                                                                                                                                                                                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                                                                    Entropy (8bit):7.999980549853268
                                                                                                                                                                                                                                                                    TrID:
                                                                                                                                                                                                                                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                    File name:Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    File size:79'764'652 bytes
                                                                                                                                                                                                                                                                    MD5:0157b710ec82b63db471a4030979fbd3
                                                                                                                                                                                                                                                                    SHA1:03e1e97522f61193836a6f2b489699ba5b087b5e
                                                                                                                                                                                                                                                                    SHA256:4bcd67e69705a2aed00ecfb30e2e9f05af8a0e00d5cb787e8427d100f766ca54
                                                                                                                                                                                                                                                                    SHA512:64007bef4f0f44c6b46bb858f18a330b7e9c2fcc042cbf240d37290b5b128ed17c539b3b1b78c2852499c55ac4dcd151d9fd1ed0bb55aacd2bef7c2359664f8d
                                                                                                                                                                                                                                                                    SSDEEP:1572864:c44opqebwv/Ubzv9xFJgHaXOTqPLk8rDbDkkagQkpIEtrI+4IH751iPZG:c4Hlbq/UHzFJsNH8nkkagQfWrRd11UZG
                                                                                                                                                                                                                                                                    TLSH:A90833D0887D9412E8841D7E9EA54BFC969A37356FF3D88AC041BD7CEEB301D071986A
                                                                                                                                                                                                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L......\.................h...8...@.
                                                                                                                                                                                                                                                                    Icon Hash:0771ccf8d84d2907
                                                                                                                                                                                                                                                                    Entrypoint:0x40338f
                                                                                                                                                                                                                                                                    Entrypoint Section:.text
                                                                                                                                                                                                                                                                    Digitally signed:false
                                                                                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                                                                                    Subsystem:windows gui
                                                                                                                                                                                                                                                                    Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                                                                                                                                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                    Time Stamp:0x5C157F86 [Sat Dec 15 22:26:14 2018 UTC]
                                                                                                                                                                                                                                                                    TLS Callbacks:
                                                                                                                                                                                                                                                                    CLR (.Net) Version:
                                                                                                                                                                                                                                                                    OS Version Major:4
                                                                                                                                                                                                                                                                    OS Version Minor:0
                                                                                                                                                                                                                                                                    File Version Major:4
                                                                                                                                                                                                                                                                    File Version Minor:0
                                                                                                                                                                                                                                                                    Subsystem Version Major:4
                                                                                                                                                                                                                                                                    Subsystem Version Minor:0
                                                                                                                                                                                                                                                                    Import Hash:b34f154ec913d2d2c435cbd644e91687
                                                                                                                                                                                                                                                                    Instruction
                                                                                                                                                                                                                                                                    sub esp, 000002D4h
                                                                                                                                                                                                                                                                    push ebx
                                                                                                                                                                                                                                                                    push esi
                                                                                                                                                                                                                                                                    push edi
                                                                                                                                                                                                                                                                    push 00000020h
                                                                                                                                                                                                                                                                    pop edi
                                                                                                                                                                                                                                                                    xor ebx, ebx
                                                                                                                                                                                                                                                                    push 00008001h
                                                                                                                                                                                                                                                                    mov dword ptr [esp+14h], ebx
                                                                                                                                                                                                                                                                    mov dword ptr [esp+10h], 0040A2E0h
                                                                                                                                                                                                                                                                    mov dword ptr [esp+1Ch], ebx
                                                                                                                                                                                                                                                                    call dword ptr [004080A8h]
                                                                                                                                                                                                                                                                    call dword ptr [004080A4h]
                                                                                                                                                                                                                                                                    and eax, BFFFFFFFh
                                                                                                                                                                                                                                                                    cmp ax, 00000006h
                                                                                                                                                                                                                                                                    mov dword ptr [0047AEECh], eax
                                                                                                                                                                                                                                                                    je 00007FD76CF5F9C3h
                                                                                                                                                                                                                                                                    push ebx
                                                                                                                                                                                                                                                                    call 00007FD76CF62C75h
                                                                                                                                                                                                                                                                    cmp eax, ebx
                                                                                                                                                                                                                                                                    je 00007FD76CF5F9B9h
                                                                                                                                                                                                                                                                    push 00000C00h
                                                                                                                                                                                                                                                                    call eax
                                                                                                                                                                                                                                                                    mov esi, 004082B0h
                                                                                                                                                                                                                                                                    push esi
                                                                                                                                                                                                                                                                    call 00007FD76CF62BEFh
                                                                                                                                                                                                                                                                    push esi
                                                                                                                                                                                                                                                                    call dword ptr [00408150h]
                                                                                                                                                                                                                                                                    lea esi, dword ptr [esi+eax+01h]
                                                                                                                                                                                                                                                                    cmp byte ptr [esi], 00000000h
                                                                                                                                                                                                                                                                    jne 00007FD76CF5F99Ch
                                                                                                                                                                                                                                                                    push 0000000Ah
                                                                                                                                                                                                                                                                    call 00007FD76CF62C48h
                                                                                                                                                                                                                                                                    push 00000008h
                                                                                                                                                                                                                                                                    call 00007FD76CF62C41h
                                                                                                                                                                                                                                                                    push 00000006h
                                                                                                                                                                                                                                                                    mov dword ptr [0047AEE4h], eax
                                                                                                                                                                                                                                                                    call 00007FD76CF62C35h
                                                                                                                                                                                                                                                                    cmp eax, ebx
                                                                                                                                                                                                                                                                    je 00007FD76CF5F9C1h
                                                                                                                                                                                                                                                                    push 0000001Eh
                                                                                                                                                                                                                                                                    call eax
                                                                                                                                                                                                                                                                    test eax, eax
                                                                                                                                                                                                                                                                    je 00007FD76CF5F9B9h
                                                                                                                                                                                                                                                                    or byte ptr [0047AEEFh], 00000040h
push ebp
call dword ptr [00408044h]
push ebx
call dword ptr [004082A0h]
mov dword ptr [0047AFB8h], eax
push ebx
lea eax, dword ptr [esp+34h]
push 000002B4h
push eax
push ebx
push 00440208h
call dword ptr [00408188h]
push 0040A2C8h
Programming Language:
• [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8610 | 0xa0 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x19f000 | 0x5968 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x6627 | 0x6800 | 7618d4c0cd8bb67ea9595b4266b3a91f | False | 0.6646259014423077 | data | 6.450282348506287 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x8000 | 0x14a2 | 0x1600 | eecac1fed9cc6b447d50940d178404d8 | False | 0.4405184659090909 | data | 5.025178929113415 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xa000 | 0x70ff8 | 0x600 | db8f31a08a2242d80c29e1f9500c6527 | False | 0.5182291666666666 | data | 4.037117731448378 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x7b000 | 0x124000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x19f000 | 0x5968 | 0x5a00 | de31c045e84038aea7ef34bb9bc488a1 | False | 0.4951388888888889 | data | 5.453547846840774 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x19f5c8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.7213883677298312
RT_ICON | 0x1a0670 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2688, 256 important colors | English | United States | 0.6751066098081023
RT_ICON | 0x1a1518 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152, 256 important colors | English | United States | 0.7851985559566786
RT_ICON | 0x1a1dc0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320, 256 important colors | English | United States | 0.6560693641618497
RT_ICON | 0x1a2328 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.8031914893617021
RT_ICON | 0x1a2790 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States | 0.3118279569892473
RT_ICON | 0x1a2a78 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | United States | 0.36824324324324326
RT_DIALOG | 0x1a2ba0 | 0x202 | data | English | United States | 0.4085603112840467
RT_DIALOG | 0x1a2da8 | 0xf8 | data | English | United States | 0.6290322580645161
RT_DIALOG | 0x1a2ea0 | 0xee | data | English | United States | 0.6260504201680672
RT_DIALOG | 0x1a2f90 | 0x1fa | data | English | United States | 0.40118577075098816
RT_DIALOG | 0x1a3190 | 0xf0 | data | English | United States | 0.6666666666666666
RT_DIALOG | 0x1a3280 | 0xe6 | data | English | United States | 0.6565217391304348
RT_DIALOG | 0x1a3368 | 0x1ee | data | English | United States | 0.38866396761133604
RT_DIALOG | 0x1a3558 | 0xe4 | data | English | United States | 0.6447368421052632
RT_DIALOG | 0x1a3640 | 0xda | data | English | United States | 0.6422018348623854
RT_DIALOG | 0x1a3720 | 0x1ee | data | English | United States | 0.3866396761133603
RT_DIALOG | 0x1a3910 | 0xe4 | data | English | United States | 0.6359649122807017
RT_DIALOG | 0x1a39f8 | 0xda | data | English | United States | 0.6376146788990825
RT_DIALOG | 0x1a3ad8 | 0x1f2 | data | English | United States | 0.39759036144578314
RT_DIALOG | 0x1a3cd0 | 0xe8 | data | English | United States | 0.6508620689655172
RT_DIALOG | 0x1a3db8 | 0xde | data | English | United States | 0.6486486486486487
RT_DIALOG | 0x1a3e98 | 0x202 | data | English | United States | 0.42217898832684825
RT_DIALOG | 0x1a40a0 | 0xf8 | data | English | United States | 0.6653225806451613
RT_DIALOG | 0x1a4198 | 0xee | data | English | United States | 0.6512605042016807
RT_GROUP_ICON | 0x1a4288 | 0x68 | data | English | United States | 0.6634615384615384
RT_VERSION | 0x1a42f0 | 0x250 | data | English | United States | 0.4847972972972973
RT_MANIFEST | 0x1a4540 | 0x423 | XML 1.0 document, ASCII text, with very long lines (1059), with no line terminators | English | United States | 0.5127478753541076
DLL | Import
KERNEL32.dll | SetEnvironmentVariableW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, SetCurrentDirectoryW, GetFileAttributesW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, lstrcpynW, GetDiskFreeSpaceW, ExitProcess, GetShortPathNameW, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, CreateFileW, GetTempFileNameW, WriteFile, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, lstrcmpiW, MoveFileW, GetFullPathNameW, SetFileTime, SearchPathW, CompareFileTime, lstrcmpW, CloseHandle, ExpandEnvironmentStringsW, GlobalFree, GlobalLock, GlobalUnlock, GlobalAlloc, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, lstrlenA, MulDiv, MultiByteToWideChar, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW
USER32.dll | GetSystemMenu, SetClassLongW, EnableMenuItem, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, ScreenToClient, GetWindowRect, GetDlgItem, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, GetDC, SetTimer, SetWindowTextW, LoadImageW, SetForegroundWindow, ShowWindow, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, EndPaint, CreateDialogParamW, SendMessageTimeoutW, wsprintfW, PostQuitMessage
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
SHELL32.dll | SHGetSpecialFolderLocation, ShellExecuteExW, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW
ADVAPI32.dll | AdjustTokenPrivileges, RegCreateKeyExW, RegOpenKeyExW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, RegEnumValueW, RegDeleteKeyW, RegDeleteValueW, RegCloseKey, RegSetValueExW, RegQueryValueExW, RegEnumKeyW
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:33.182539940 CET49741443192.168.2.438.172.200.46
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:33.182555914 CET4434974138.172.200.46192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:34.549777985 CET4434974138.172.200.46192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:34.550405025 CET49741443192.168.2.438.172.200.46
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:34.550427914 CET4434974138.172.200.46192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:34.551321030 CET4434974138.172.200.46192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:34.551429033 CET49741443192.168.2.438.172.200.46
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:34.553951979 CET49741443192.168.2.438.172.200.46
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:34.553982019 CET4434974138.172.200.46192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:34.554109097 CET4434974138.172.200.46192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:34.554177999 CET49741443192.168.2.438.172.200.46
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:34.554177999 CET49741443192.168.2.438.172.200.46
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:34.736145020 CET49743443192.168.2.445.112.123.126
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:34.736188889 CET4434974345.112.123.126192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:34.736665964 CET49743443192.168.2.445.112.123.126
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:34.737035036 CET49743443192.168.2.445.112.123.126
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:34.737050056 CET4434974345.112.123.126192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:36.215146065 CET4434974345.112.123.126192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:36.215859890 CET49743443192.168.2.445.112.123.126
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:36.215886116 CET4434974345.112.123.126192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:36.216882944 CET4434974345.112.123.126192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:36.216955900 CET49743443192.168.2.445.112.123.126
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:36.218126059 CET49743443192.168.2.445.112.123.126
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:36.218163013 CET4434974345.112.123.126192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:36.218204021 CET49743443192.168.2.445.112.123.126
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:36.454720020 CET49745443192.168.2.4143.244.215.221
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:36.454762936 CET44349745143.244.215.221192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:36.454855919 CET49745443192.168.2.4143.244.215.221
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:36.455327034 CET49745443192.168.2.4143.244.215.221
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:36.455339909 CET44349745143.244.215.221192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:37.673675060 CET44349745143.244.215.221192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:37.674305916 CET49745443192.168.2.4143.244.215.221
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:37.674321890 CET44349745143.244.215.221192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:37.675347090 CET44349745143.244.215.221192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:37.675415039 CET49745443192.168.2.4143.244.215.221
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:37.676512957 CET49745443192.168.2.4143.244.215.221
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:37.676558971 CET44349745143.244.215.221192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:37.676670074 CET49745443192.168.2.4143.244.215.221
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:37.682280064 CET49746443192.168.2.438.172.200.46
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:37.682313919 CET4434974638.172.200.46192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:37.682383060 CET49746443192.168.2.438.172.200.46
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:37.683012962 CET49746443192.168.2.438.172.200.46
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:37.683027983 CET4434974638.172.200.46192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:39.096446991 CET4434974638.172.200.46192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:39.097795010 CET49746443192.168.2.438.172.200.46
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:39.097811937 CET4434974638.172.200.46192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:39.098819017 CET4434974638.172.200.46192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:39.098880053 CET49746443192.168.2.438.172.200.46
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:39.099883080 CET49746443192.168.2.438.172.200.46
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:39.099940062 CET4434974638.172.200.46192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:39.100025892 CET49746443192.168.2.438.172.200.46
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:42.735843897 CET49748443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:42.735872984 CET44349748172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:42.735924006 CET49748443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:42.736049891 CET49749443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:42.736071110 CET44349749172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:42.736124992 CET49749443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:42.736248970 CET49750443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:42.736257076 CET44349750172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:42.736331940 CET49750443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:42.736418962 CET49751443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:42.736426115 CET44349751172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:42.736465931 CET49751443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:42.737623930 CET49751443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:42.737633944 CET44349751172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:42.737759113 CET49750443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:42.737773895 CET44349750172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:42.737867117 CET49749443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:42.737878084 CET44349749172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:42.737971067 CET49748443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:42.737979889 CET44349748172.217.21.36192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:43.174354076 CET49754443192.168.2.4172.64.41.3
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:43.174386024 CET44349754172.64.41.3192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:43.174489975 CET49754443192.168.2.4172.64.41.3
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:43.175818920 CET49754443192.168.2.4172.64.41.3
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:43.175836086 CET44349754172.64.41.3192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:43.272628069 CET49748443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:43.272905111 CET49750443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:43.272936106 CET49749443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:43.272969961 CET49751443192.168.2.4172.217.21.36
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:43.959418058 CET49756443192.168.2.4172.64.41.3
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:43.959455013 CET44349756172.64.41.3192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:43.959639072 CET49756443192.168.2.4172.64.41.3
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:43.960155010 CET49756443192.168.2.4172.64.41.3
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:33:04.253212929 CET49779443192.168.2.445.112.123.126
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:33:04.254065990 CET49779443192.168.2.445.112.123.126
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:33:04.254102945 CET4434977945.112.123.126192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:33:04.254154921 CET49779443192.168.2.445.112.123.126
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:33:04.257566929 CET49782443192.168.2.4143.244.215.221
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:33:04.257611036 CET44349782143.244.215.221192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:33:04.257671118 CET49782443192.168.2.4143.244.215.221
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:33:04.258224964 CET49782443192.168.2.4143.244.215.221
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:33:04.258239031 CET44349782143.244.215.221192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:33:05.570184946 CET44349782143.244.215.221192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:33:05.570679903 CET49782443192.168.2.4143.244.215.221
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:33:05.570699930 CET44349782143.244.215.221192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:33:05.571585894 CET44349782143.244.215.221192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:33:05.571770906 CET49782443192.168.2.4143.244.215.221
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:33:05.572364092 CET49782443192.168.2.4143.244.215.221
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:33:05.572408915 CET44349782143.244.215.221192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:33:05.572503090 CET44349782143.244.215.221192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:33:05.572567940 CET49782443192.168.2.4143.244.215.221
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:33:05.572567940 CET49782443192.168.2.4143.244.215.221
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:33:05.574246883 CET49788443192.168.2.438.172.200.46
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:33:05.574260950 CET4434978838.172.200.46192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:33:05.574410915 CET49788443192.168.2.438.172.200.46
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:33:05.574892998 CET49788443192.168.2.438.172.200.46
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:33:05.574903011 CET4434978838.172.200.46192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:33:06.989557981 CET4434978838.172.200.46192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:33:06.990267038 CET49788443192.168.2.438.172.200.46
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:33:06.990273952 CET4434978838.172.200.46192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:33:06.991117001 CET4434978838.172.200.46192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:33:06.991168976 CET49788443192.168.2.438.172.200.46
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:33:06.991897106 CET49788443192.168.2.438.172.200.46
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:33:06.991921902 CET4434978838.172.200.46192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:33:06.992013931 CET4434978838.172.200.46192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:33:06.992130041 CET49788443192.168.2.438.172.200.46
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:33:06.992141962 CET49788443192.168.2.438.172.200.46
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:33:07.063146114 CET49789443192.168.2.438.172.200.46
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:33:07.063180923 CET4434978938.172.200.46192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:33:07.063361883 CET49789443192.168.2.438.172.200.46
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:33:07.064197063 CET49789443192.168.2.438.172.200.46
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:33:07.064212084 CET4434978938.172.200.46192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:33:08.470902920 CET4434978938.172.200.46192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:33:08.471216917 CET49789443192.168.2.438.172.200.46
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:33:08.471240044 CET4434978938.172.200.46192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:33:08.472225904 CET4434978938.172.200.46192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:33:08.472280979 CET49789443192.168.2.438.172.200.46
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:33:08.473057032 CET49789443192.168.2.438.172.200.46
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:33:08.473088980 CET4434978938.172.200.46192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:33:08.473170996 CET49789443192.168.2.438.172.200.46
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:33:45.051151037 CET49756443192.168.2.4172.64.41.3
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:33:45.051163912 CET44349756172.64.41.3192.168.2.4
                                                                                                                                                                                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:34.586838961 CET5232253192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:34.730398893 CET53523221.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:36.223651886 CET5843253192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:36.453670025 CET53584321.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:42.581361055 CET6150953192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:42.581614017 CET5442053192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:42.695678949 CET53590151.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:42.720551014 CET53615091.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:42.721481085 CET53544201.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:42.723119020 CET53510791.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:43.032665014 CET5960853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:43.032957077 CET5091953192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:43.172142029 CET53596081.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:43.172985077 CET53509191.1.1.1192.168.2.4
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:45.838525057 CET5663853192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:45.838673115 CET5501553192.168.2.41.1.1.1
                                                                                                                                                                                                                                                                    Dec 4, 2024 06:32:45.980318069 CET53550151.1.1.1192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 4, 2024 06:32:34.586838961 CET | 192.168.2.4 | 1.1.1.1 | 0x41b9 | Standard query (0) | api.gofile.io | A (IP address) | IN (0x0001) | false
Dec 4, 2024 06:32:36.223651886 CET | 192.168.2.4 | 1.1.1.1 | 0x24c5 | Standard query (0) | file.io | A (IP address) | IN (0x0001) | false
Dec 4, 2024 06:32:42.581361055 CET | 192.168.2.4 | 1.1.1.1 | 0xdd35 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Dec 4, 2024 06:32:42.581614017 CET | 192.168.2.4 | 1.1.1.1 | 0x2584 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Dec 4, 2024 06:32:43.032665014 CET | 192.168.2.4 | 1.1.1.1 | 0x39c2 | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false
Dec 4, 2024 06:32:43.032957077 CET | 192.168.2.4 | 1.1.1.1 | 0xd074 | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false
Dec 4, 2024 06:32:45.838525057 CET | 192.168.2.4 | 1.1.1.1 | 0x603f | Standard query (0) | ntp.msn.com | A (IP address) | IN (0x0001) | false
Dec 4, 2024 06:32:45.838673115 CET | 192.168.2.4 | 1.1.1.1 | 0x38e | Standard query (0) | ntp.msn.com | 65 | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 4, 2024 06:32:34.730398893 CET | 1.1.1.1 | 192.168.2.4 | 0x41b9 | No error (0) | api.gofile.io |  | 45.112.123.126 | A (IP address) | IN (0x0001) | false
Dec 4, 2024 06:32:36.453670025 CET | 1.1.1.1 | 192.168.2.4 | 0x24c5 | No error (0) | file.io |  | 143.244.215.221 | A (IP address) | IN (0x0001) | false
Dec 4, 2024 06:32:42.720551014 CET | 1.1.1.1 | 192.168.2.4 | 0xdd35 | No error (0) | www.google.com |  | 172.217.21.36 | A (IP address) | IN (0x0001) | false
Dec 4, 2024 06:32:42.721481085 CET | 1.1.1.1 | 192.168.2.4 | 0x2584 | No error (0) | www.google.com |  |  | 65 | IN (0x0001) | false
Dec 4, 2024 06:32:43.172142029 CET | 1.1.1.1 | 192.168.2.4 | 0x39c2 | No error (0) | chrome.cloudflare-dns.com |  | 172.64.41.3 | A (IP address) | IN (0x0001) | false
Dec 4, 2024 06:32:43.172142029 CET | 1.1.1.1 | 192.168.2.4 | 0x39c2 | No error (0) | chrome.cloudflare-dns.com |  | 162.159.61.3 | A (IP address) | IN (0x0001) | false
Dec 4, 2024 06:32:43.172985077 CET | 1.1.1.1 | 192.168.2.4 | 0xd074 | No error (0) | chrome.cloudflare-dns.com |  |  | 65 | IN (0x0001) | false
Dec 4, 2024 06:32:45.980040073 CET | 1.1.1.1 | 192.168.2.4 | 0x603f | No error (0) | ntp.msn.com | www-msn-com.a-0003.a-msedge.net |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 4, 2024 06:32:45.980318069 CET | 1.1.1.1 | 192.168.2.4 | 0x38e | No error (0) | ntp.msn.com | www-msn-com.a-0003.a-msedge.net |  | CNAME (Canonical name) | IN (0x0001) | false
                                                                                                                                                                                                                                                                    • chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                    0192.168.2.449754172.64.41.34438836C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-04 05:32:44 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                    Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                                                                                    Content-Length: 128
                                                                                                                                                                                                                                                                    Accept: application/dns-message
                                                                                                                                                                                                                                                                    Accept-Language: *
                                                                                                                                                                                                                                                                    User-Agent: Chrome
                                                                                                                                                                                                                                                                    Accept-Encoding: identity
                                                                                                                                                                                                                                                                    Content-Type: application/dns-message
                                                                                                                                                                                                                                                                    2024-12-04 05:32:44 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                    Data Ascii: wwwgstaticcom)TP
2024-12-04 05:32:44 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                    Server: cloudflare
                                                                                                                                                                                                                                                                    Date: Wed, 04 Dec 2024 05:32:44 GMT
                                                                                                                                                                                                                                                                    Content-Type: application/dns-message
                                                                                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                                                                                    Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                    Content-Length: 468
                                                                                                                                                                                                                                                                    CF-RAY: 8ec96aec3b73429d-EWR
                                                                                                                                                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                    2024-12-04 05:32:44 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 09 00 04 ac d9 a5 83 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                    Data Ascii: wwwgstaticcom)


                                                                                                                                                                                                                                                                    Target ID:0
                                                                                                                                                                                                                                                                    Start time:00:32:02
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Users\user\Desktop\Kameta Setup 1.0.0.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                                    Commandline:"C:\Users\user\Desktop\Kameta Setup 1.0.0.exe"
                                                                                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                                                                                    File size:79'764'652 bytes
                                                                                                                                                                                                                                                                    MD5 hash:0157B710EC82B63DB471A4030979FBD3
                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:1
                                                                                                                                                                                                                                                                    Start time:00:32:03
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                                    Commandline:cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq KametaSetup.exe" | %SYSTEMROOT%\System32\find.exe "KametaSetup.exe"
                                                                                                                                                                                                                                                                    Imagebase:0x240000
                                                                                                                                                                                                                                                                    File size:236'544 bytes
                                                                                                                                                                                                                                                                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:2
                                                                                                                                                                                                                                                                    Start time:00:32:03
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:3
                                                                                                                                                                                                                                                                    Start time:00:32:03
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\tasklist.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                                    Commandline:tasklist /FI "USERNAME eq user" /FI "IMAGENAME eq KametaSetup.exe"
                                                                                                                                                                                                                                                                    Imagebase:0x410000
                                                                                                                                                                                                                                                                    File size:79'360 bytes
                                                                                                                                                                                                                                                                    MD5 hash:0A4448B31CE7F83CB7691A2657F330F1
                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:4
                                                                                                                                                                                                                                                                    Start time:00:32:03
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\find.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\System32\find.exe "KametaSetup.exe"
                                                                                                                                                                                                                                                                    Imagebase:0x730000
                                                                                                                                                                                                                                                                    File size:14'848 bytes
                                                                                                                                                                                                                                                                    MD5 hash:15B158BC998EEF74CFDD27C44978AEA0
                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Reputation:moderate
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:6
                                                                                                                                                                                                                                                                    Start time:00:32:24
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe"
                                                                                                                                                                                                                                                                    Imagebase:0x7ff75c4a0000
                                                                                                                                                                                                                                                                    File size:162'028'032 bytes
                                                                                                                                                                                                                                                                    MD5 hash:7153F5DCF75B41969A641F98F370D035
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Antivirus matches:
                                                                                                                                                                                                                                                                    • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                                                                    • Detection: 1%, Virustotal
                                                                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                                    Target ID:8
                                                                                                                                                                                                                                                                    Start time:00:32:26
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Program Files\Windows Defender\MpCmdRun.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:"C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
                                                                                                                                                                                                                                                                    Imagebase:0x7ff68f8f0000
                                                                                                                                                                                                                                                                    File size:468'120 bytes
                                                                                                                                                                                                                                                                    MD5 hash:B3676839B2EE96983F9ED735CD044159
                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:9
                                                                                                                                                                                                                                                                    Start time:00:32:26
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:11
                                                                                                                                                                                                                                                                    Start time:00:32:28
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
                                                                                                                                                                                                                                                                    Imagebase:0x7ff628160000
                                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:12
                                                                                                                                                                                                                                                                    Start time:00:32:28
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:13
                                                                                                                                                                                                                                                                    Start time:00:32:28
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
                                                                                                                                                                                                                                                                    Imagebase:0x7ff628160000
                                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:14
                                                                                                                                                                                                                                                                    Start time:00:32:28
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F"
                                                                                                                                                                                                                                                                    Imagebase:0x7ff628160000
                                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:15
                                                                                                                                                                                                                                                                    Start time:00:32:28
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:16
Start time:00:32:28
Start date:04/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM brave.exe /F"
Imagebase:0x7ff628160000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:17
Start time:00:32:28
Start date:04/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:18
Start time:00:32:28
Start date:04/12/2024
Path:C:\Windows\System32\wbem\WMIC.exe
Wow64 process (32bit):false
Commandline:wmic bios get smbiosbiosversion
Imagebase:0x7ff602c90000
File size:576'000 bytes
MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:19
Start time:00:32:28
Start date:04/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM firefox.exe /F"
Imagebase:0x7ff628160000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:20
Start time:00:32:28
Start date:04/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:21
Start time:00:32:28
Start date:04/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM opera.exe /F"
Imagebase:0x7ff628160000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:22
Start time:00:32:28
Start date:04/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:23
Start time:00:32:28
Start date:04/12/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM chrome.exe /F
Imagebase:0x7ff751070000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:24
Start time:00:32:28
Start date:04/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM kometa.exe /F"
Imagebase:0x7ff628160000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:25
Start time:00:32:28
Start date:04/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM orbitum.exe /F"
Imagebase:0x7ff628160000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:26
Start time:00:32:28
Start date:04/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:27
Start time:00:32:28
Start date:04/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM centbrowser.exe /F"
Imagebase:0x7ff628160000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:28
Start time:00:32:28
Start date:04/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:29
Start time:00:32:28
Start date:04/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:30
Start time:00:32:28
Start date:04/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM 7star.exe /F"
Imagebase:0x7ff628160000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:31
Start time:00:32:28
Start date:04/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM sputnik.exe /F"
Imagebase:0x7ff628160000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:32
Start time:00:32:28
Start date:04/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vivaldi.exe /F"
Imagebase:0x7ff628160000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:33
Start time:00:32:28
Start date:04/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM epicprivacybrowser.exe /F"
Imagebase:0x7ff628160000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:34
Start time:00:32:28
Start date:04/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM uran.exe /F"
Imagebase:0x7ff628160000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:35
Start time:00:32:29
Start date:04/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:36
Start time:00:32:29
Start date:04/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:37
Start time:00:32:29
Start date:04/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:38
Start time:00:32:29
Start date:04/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:39
Start time:00:32:29
Start date:04/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:40
Start time:00:32:29
Start date:04/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM yandex.exe /F"
Imagebase:0x7ff628160000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:41
Start time:00:32:29
Start date:04/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:42
Start time:00:32:29
Start date:04/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM iridium.exe /F"
Imagebase:0x7ff628160000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:43
                                                                                                                                                                                                                                                                    Start time:00:32:29
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:44
                                                                                                                                                                                                                                                                    Start time:00:32:29
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:45
                                                                                                                                                                                                                                                                    Start time:00:32:29
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:taskkill /IM centbrowser.exe /F
                                                                                                                                                                                                                                                                    Imagebase:0x7ff751070000
                                                                                                                                                                                                                                                                    File size:101'376 bytes
                                                                                                                                                                                                                                                                    MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:46
                                                                                                                                                                                                                                                                    Start time:00:32:29
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:taskkill /IM 7star.exe /F
                                                                                                                                                                                                                                                                    Imagebase:0x7ff751070000
                                                                                                                                                                                                                                                                    File size:101'376 bytes
                                                                                                                                                                                                                                                                    MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:47
                                                                                                                                                                                                                                                                    Start time:00:32:29
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:taskkill /IM msedge.exe /F
                                                                                                                                                                                                                                                                    Imagebase:0x7ff751070000
                                                                                                                                                                                                                                                                    File size:101'376 bytes
                                                                                                                                                                                                                                                                    MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:48
                                                                                                                                                                                                                                                                    Start time:00:32:29
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:taskkill /IM kometa.exe /F
                                                                                                                                                                                                                                                                    Imagebase:0x7ff751070000
                                                                                                                                                                                                                                                                    File size:101'376 bytes
                                                                                                                                                                                                                                                                    MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:49
                                                                                                                                                                                                                                                                    Start time:00:32:29
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:taskkill /IM opera.exe /F
                                                                                                                                                                                                                                                                    Imagebase:0x7ff751070000
                                                                                                                                                                                                                                                                    File size:101'376 bytes
                                                                                                                                                                                                                                                                    MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:50
                                                                                                                                                                                                                                                                    Start time:00:32:29
Start date:04/12/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM firefox.exe /F
Imagebase:0x7ff751070000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:51
Start time:00:32:29
Start date:04/12/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM brave.exe /F
Imagebase:0x7ff751070000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:52
Start time:00:32:29
Start date:04/12/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM uran.exe /F
Imagebase:0x7ff751070000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:53
Start time:00:32:30
Start date:04/12/2024
Path:C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe" --type=gpu-process --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 --field-trial-handle=2188,i,5456543408629399747,16697329975367127579,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Imagebase:0x7ff75c4a0000
File size:162'028'032 bytes
MD5 hash:7153F5DCF75B41969A641F98F370D035
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:54
Start time:00:32:29
Start date:04/12/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM orbitum.exe /F
Imagebase:0x7ff751070000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:55
Start time:00:32:29
Start date:04/12/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM epicprivacybrowser.exe /F
Imagebase:0x7ff751070000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:56
Start time:00:32:29
Start date:04/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq msedge.exe""
Imagebase:0x7ff628160000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:57
Start time:00:32:29
Start date:04/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:58
Start time:00:32:30
Start date:04/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq chrome.exe""
Imagebase:0x7ff628160000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:59
Start time:00:32:30
Start date:04/12/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM iridium.exe /F
Imagebase:0x7ff751070000
File size:101'376 bytes
                                                                                                                                                                                                                                                                    MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:60
                                                                                                                                                                                                                                                                    Start time:00:32:30
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:taskkill /IM vivaldi.exe /F
                                                                                                                                                                                                                                                                    Imagebase:0x7ff751070000
                                                                                                                                                                                                                                                                    File size:101'376 bytes
                                                                                                                                                                                                                                                                    MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:61
                                                                                                                                                                                                                                                                    Start time:00:32:30
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:taskkill /IM sputnik.exe /F
                                                                                                                                                                                                                                                                    Imagebase:0x7ff751070000
                                                                                                                                                                                                                                                                    File size:101'376 bytes
                                                                                                                                                                                                                                                                    MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:62
                                                                                                                                                                                                                                                                    Start time:00:32:30
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:taskkill /IM yandex.exe /F
                                                                                                                                                                                                                                                                    Imagebase:0x7ff751070000
                                                                                                                                                                                                                                                                    File size:101'376 bytes
                                                                                                                                                                                                                                                                    MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:63
                                                                                                                                                                                                                                                                    Start time:00:32:30
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:64
                                                                                                                                                                                                                                                                    Start time:00:32:30
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq firefox.exe""
                                                                                                                                                                                                                                                                    Imagebase:0x7ff628160000
                                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:65
                                                                                                                                                                                                                                                                    Start time:00:32:30
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""
                                                                                                                                                                                                                                                                    Imagebase:0x7ff628160000
                                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:66
                                                                                                                                                                                                                                                                    Start time:00:32:30
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:67
                                                                                                                                                                                                                                                                    Start time:00:32:30
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:68
                                                                                                                                                                                                                                                                    Start time:00:32:30
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""
                                                                                                                                                                                                                                                                    Imagebase:0x7ff628160000
                                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:69
                                                                                                                                                                                                                                                                    Start time:00:32:30
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:70
                                                                                                                                                                                                                                                                    Start time:00:32:30
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:tasklist /FI "IMAGENAME eq msedge.exe"
                                                                                                                                                                                                                                                                    Imagebase:0x7ff75ecf0000
                                                                                                                                                                                                                                                                    File size:106'496 bytes
                                                                                                                                                                                                                                                                    MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:71
                                                                                                                                                                                                                                                                    Start time:00:32:30
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:tasklist /FI "IMAGENAME eq chrome.exe"
                                                                                                                                                                                                                                                                    Imagebase:0x7ff75ecf0000
                                                                                                                                                                                                                                                                    File size:106'496 bytes
                                                                                                                                                                                                                                                                    MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:72
                                                                                                                                                                                                                                                                    Start time:00:32:31
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:tasklist /FI "IMAGENAME eq iexplore.exe"
                                                                                                                                                                                                                                                                    Imagebase:0x7ff75ecf0000
                                                                                                                                                                                                                                                                    File size:106'496 bytes
                                                                                                                                                                                                                                                                    MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:73
                                                                                                                                                                                                                                                                    Start time:00:32:31
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:tasklist /FI "IMAGENAME eq firefox.exe"
                                                                                                                                                                                                                                                                    Imagebase:0x7ff75ecf0000
                                                                                                                                                                                                                                                                    File size:106'496 bytes
                                                                                                                                                                                                                                                                    MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:74
                                                                                                                                                                                                                                                                    Start time:00:32:31
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:tasklist /FI "IMAGENAME eq iexplore.exe"
                                                                                                                                                                                                                                                                    Imagebase:0x7ff75ecf0000
                                                                                                                                                                                                                                                                    File size:106'496 bytes
                                                                                                                                                                                                                                                                    MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:75
                                                                                                                                                                                                                                                                    Start time:00:32:33
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed""
                                                                                                                                                                                                                                                                    Imagebase:0x7ff628160000
                                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

Target ID:76
Start time:00:32:33
Start date:04/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:77
Start time:00:32:33
Start date:04/12/2024
Path:C:\Windows\System32\wbem\WMIC.exe
Wow64 process (32bit):false
Commandline:wmic MemoryChip get /format:list
Imagebase:0x7ff602c90000
File size:576'000 bytes
MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:78
Start time:00:32:33
Start date:04/12/2024
Path:C:\Windows\System32\find.exe
Wow64 process (32bit):false
Commandline:find /i "Speed"
Imagebase:0x7ff6ed9c0000
File size:17'920 bytes
MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:79
Start time:00:32:34
Start date:04/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
Imagebase:0x7ff628160000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:80
Start time:00:32:34
Start date:04/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:81
Start time:00:32:34
Start date:04/12/2024
Path:C:\Windows\System32\wbem\WMIC.exe
Wow64 process (32bit):false
Commandline:wmic path win32_VideoController get name
Imagebase:0x7ff602c90000
File size:576'000 bytes
MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:82
Start time:00:32:35
Start date:04/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
Imagebase:0x7ff628160000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:83
Start time:00:32:35
Start date:04/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:84
Start time:00:32:36
Start date:04/12/2024
Path:C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\AppData\Local\Programs\unrealgame\KametaSetup.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\user\AppData\Roaming\unrealgame" --mojo-platform-channel-handle=1208 --field-trial-handle=2188,i,5456543408629399747,16697329975367127579,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Imagebase:0x7ff75c4a0000
File size:162'028'032 bytes
MD5 hash:7153F5DCF75B41969A641F98F370D035
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:85
Start time:00:32:35
Start date:04/12/2024
Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):false
Commandline:powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
Imagebase:0x7ff788560000
File size:452'608 bytes
MD5 hash:04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:86
Start time:00:32:37
Start date:04/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
Imagebase:0x7ff628160000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:87
Start time:00:32:37
Start date:04/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:88
Start time:00:32:37
Start date:04/12/2024
Path:C:\Windows\System32\wbem\WMIC.exe
Wow64 process (32bit):false
Commandline:wmic bios get smbiosbiosversion
Imagebase:0x7ff602c90000
File size:576'000 bytes
MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:89
Start time:00:32:37
Start date:04/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed""
Imagebase:0x7ff628160000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:90
Start time:00:32:37
Start date:04/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:91
Start time:00:32:37
Start date:04/12/2024
Path:C:\Windows\System32\wbem\WMIC.exe
Wow64 process (32bit):false
Commandline:wmic MemoryChip get /format:list
Imagebase:0x7ff602c90000
File size:576'000 bytes
MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:92
Start time:00:32:37
Start date:04/12/2024
Path:C:\Windows\System32\find.exe
Wow64 process (32bit):false
Commandline:find /i "Speed"
Imagebase:0x7ff6ed9c0000
File size:17'920 bytes
MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

                                                                                                                                                                                                                                                                    Target ID:93
                                                                                                                                                                                                                                                                    Start time:00:32:37
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
                                                                                                                                                                                                                                                                    Imagebase:0x7ff628160000
                                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:94
                                                                                                                                                                                                                                                                    Start time:00:32:38
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:95
                                                                                                                                                                                                                                                                    Start time:00:32:38
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:wmic path win32_VideoController get name
                                                                                                                                                                                                                                                                    Imagebase:0x7ff602c90000
                                                                                                                                                                                                                                                                    File size:576'000 bytes
                                                                                                                                                                                                                                                                    MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:96
                                                                                                                                                                                                                                                                    Start time:00:32:38
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
                                                                                                                                                                                                                                                                    Imagebase:0x7ff628160000
                                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:97
                                                                                                                                                                                                                                                                    Start time:00:32:38
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:98
                                                                                                                                                                                                                                                                    Start time:00:32:38
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
                                                                                                                                                                                                                                                                    Imagebase:0x7ff788560000
                                                                                                                                                                                                                                                                    File size:452'608 bytes
                                                                                                                                                                                                                                                                    MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:99
                                                                                                                                                                                                                                                                    Start time:00:32:38
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
                                                                                                                                                                                                                                                                    Imagebase:0x7ff628160000
                                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:100
                                                                                                                                                                                                                                                                    Start time:00:32:38
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM msedge.exe /F"
                                                                                                                                                                                                                                                                    Imagebase:0x7ff628160000
                                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:101
                                                                                                                                                                                                                                                                    Start time:00:32:38
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:102
                                                                                                                                                                                                                                                                    Start time:00:32:38
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM brave.exe /F"
                                                                                                                                                                                                                                                                    Imagebase:0x7ff628160000
                                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:103
                                                                                                                                                                                                                                                                    Start time:00:32:38
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:104
                                                                                                                                                                                                                                                                    Start time:00:32:38
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM firefox.exe /F"
                                                                                                                                                                                                                                                                    Imagebase:0x7ff628160000
                                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:105
                                                                                                                                                                                                                                                                    Start time:00:32:38
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:106
                                                                                                                                                                                                                                                                    Start time:00:32:38
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM opera.exe /F"
                                                                                                                                                                                                                                                                    Imagebase:0x7ff628160000
                                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:107
                                                                                                                                                                                                                                                                    Start time:00:32:38
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:108
                                                                                                                                                                                                                                                                    Start time:00:32:38
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM kometa.exe /F"
                                                                                                                                                                                                                                                                    Imagebase:0x7ff628160000
                                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:109
                                                                                                                                                                                                                                                                    Start time:00:32:38
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM orbitum.exe /F"
Imagebase:0x7ff628160000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:110
Start time:00:32:38
Start date:04/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM centbrowser.exe /F"
Imagebase:0x7ff628160000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:111
Start time:00:32:38
Start date:04/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:112
Start time:00:32:38
Start date:04/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM 7star.exe /F"
Imagebase:0x7ff628160000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:113
Start time:00:32:39
Start date:04/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:114
Start time:00:32:39
Start date:04/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:115
Start time:00:32:39
Start date:04/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:116
Start time:00:32:39
Start date:04/12/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM firefox.exe /F
Imagebase:0x7ff751070000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:117
Start time:00:32:39
Start date:04/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM sputnik.exe /F"
Imagebase:0x7ff628160000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:118
Start time:00:32:39
Start date:04/12/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM opera.exe /F
Imagebase:0x7ff751070000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

                                                                                                                                                                                                                                                                    Target ID:119
                                                                                                                                                                                                                                                                    Start time:00:32:39
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:120
                                                                                                                                                                                                                                                                    Start time:00:32:39
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:taskkill /IM msedge.exe /F
                                                                                                                                                                                                                                                                    Imagebase:0x7ff751070000
                                                                                                                                                                                                                                                                    File size:101'376 bytes
                                                                                                                                                                                                                                                                    MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:121
                                                                                                                                                                                                                                                                    Start time:00:32:39
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:taskkill /IM brave.exe /F
                                                                                                                                                                                                                                                                    Imagebase:0x7ff751070000
                                                                                                                                                                                                                                                                    File size:101'376 bytes
                                                                                                                                                                                                                                                                    MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:122
                                                                                                                                                                                                                                                                    Start time:00:32:39
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:taskkill /IM chrome.exe /F
                                                                                                                                                                                                                                                                    Imagebase:0x7ff751070000
                                                                                                                                                                                                                                                                    File size:101'376 bytes
                                                                                                                                                                                                                                                                    MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:123
                                                                                                                                                                                                                                                                    Start time:00:32:39
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM vivaldi.exe /F"
                                                                                                                                                                                                                                                                    Imagebase:0x7ff628160000
                                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:124
                                                                                                                                                                                                                                                                    Start time:00:32:39
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:125
                                                                                                                                                                                                                                                                    Start time:00:32:39
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:126
                                                                                                                                                                                                                                                                    Start time:00:32:39
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM epicprivacybrowser.exe /F"
                                                                                                                                                                                                                                                                    Imagebase:0x7ff628160000
                                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

Target ID:127
Start time:00:32:39
Start date:04/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM uran.exe /F"
Imagebase:0x7ff628160000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:128
Start time:00:32:39
Start date:04/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:129
Start time:00:32:39
Start date:04/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM yandex.exe /F"
Imagebase:0x7ff628160000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:130
Start time:00:32:39
Start date:04/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM iridium.exe /F"
Imagebase:0x7ff628160000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:131
Start time:00:32:39
Start date:04/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:132
Start time:00:32:39
Start date:04/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:133
Start time:00:32:39
Start date:04/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:134
Start time:00:32:39
Start date:04/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq msedge.exe""
Imagebase:0x7ff628160000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:135
Start time:00:32:39
Start date:04/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""
Imagebase:0x7ff628160000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:136
Start time:00:32:39
Start date:04/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:137
Start time:00:32:39
Start date:04/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq iexplore.exe""
Imagebase:0x7ff628160000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:138
Start time:00:32:39
Start date:04/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:139
Start time:00:32:39
Start date:04/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq firefox.exe""
Imagebase:0x7ff628160000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:140
Start time:00:32:39
Start date:04/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:141
Start time:00:32:39
Start date:04/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:142
Start time:00:32:39
Start date:04/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq chrome.exe""
Imagebase:0x7ff628160000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:143
Start time:00:32:39
Start date:04/12/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM orbitum.exe /F
Imagebase:0x7ff751070000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:144
Start time:00:32:39
Start date:04/12/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM kometa.exe /F
Imagebase:0x7ff751070000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:145
Start time:00:32:39
Start date:04/12/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM centbrowser.exe /F
Imagebase:0x7ff751070000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:146
Start time:00:32:39
Start date:04/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:147
Start time:00:32:39
Start date:04/12/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM 7star.exe /F
Imagebase:0x7ff751070000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:148
Start time:00:32:39
Start date:04/12/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM sputnik.exe /F
Imagebase:0x7ff751070000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:149
Start time:00:32:39
Start date:04/12/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM vivaldi.exe /F
Imagebase:0x7ff751070000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:150
Start time:00:32:40
Start date:04/12/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM epicprivacybrowser.exe /F
Imagebase:0x7ff751070000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:151
Start time:00:32:40
Start date:04/12/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM yandex.exe /F
Imagebase:0x7ff751070000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:152
Start time:00:32:40
Start date:04/12/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM uran.exe /F
Imagebase:0x7ff751070000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

                                                                                                                                                                                                                                                                    Target ID:153
                                                                                                                                                                                                                                                                    Start time:00:32:40
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\taskkill.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:taskkill /IM iridium.exe /F
                                                                                                                                                                                                                                                                    Imagebase:0x7ff751070000
                                                                                                                                                                                                                                                                    File size:101'376 bytes
                                                                                                                                                                                                                                                                    MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:154
                                                                                                                                                                                                                                                                    Start time:00:32:40
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
                                                                                                                                                                                                                                                                    Imagebase:0x7ff628160000
                                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:155
                                                                                                                                                                                                                                                                    Start time:00:32:40
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:tasklist /FI "IMAGENAME eq iexplore.exe"
                                                                                                                                                                                                                                                                    Imagebase:0x7ff75ecf0000
                                                                                                                                                                                                                                                                    File size:106'496 bytes
                                                                                                                                                                                                                                                                    MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:156
                                                                                                                                                                                                                                                                    Start time:00:32:40
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:tasklist /FI "IMAGENAME eq chrome.exe"
                                                                                                                                                                                                                                                                    Imagebase:0x7ff75ecf0000
                                                                                                                                                                                                                                                                    File size:106'496 bytes
                                                                                                                                                                                                                                                                    MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:157
                                                                                                                                                                                                                                                                    Start time:00:32:40
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:tasklist /FI "IMAGENAME eq firefox.exe"
                                                                                                                                                                                                                                                                    Imagebase:0x7ff75ecf0000
                                                                                                                                                                                                                                                                    File size:106'496 bytes
                                                                                                                                                                                                                                                                    MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:158
                                                                                                                                                                                                                                                                    Start time:00:32:40
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:tasklist /FI "IMAGENAME eq msedge.exe"
                                                                                                                                                                                                                                                                    Imagebase:0x7ff75ecf0000
                                                                                                                                                                                                                                                                    File size:106'496 bytes
                                                                                                                                                                                                                                                                    MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:159
                                                                                                                                                                                                                                                                    Start time:00:32:40
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:160
                                                                                                                                                                                                                                                                    Start time:00:32:40
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:tasklist /FI "IMAGENAME eq iexplore.exe"
Imagebase:0x7ff75ecf0000
File size:106'496 bytes
MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:161
Start time:00:32:40
Start date:04/12/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:/Program Files/Google/Chrome/Application/chrome.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000
Imagebase:0x7ff76e190000
File size:3'242'272 bytes
MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:162
Start time:00:32:40
Start date:04/12/2024
Path:C:\Windows\System32\wbem\WMIC.exe
Wow64 process (32bit):false
Commandline:wmic bios get smbiosbiosversion
Imagebase:0x7ff602c90000
File size:576'000 bytes
MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:163
Start time:00:32:41
Start date:04/12/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=2052 --field-trial-handle=2012,i,14256643865995858684,9263389117564715630,262144 /prefetch:8
Imagebase:0x7ff76e190000
File size:3'242'272 bytes
MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:164
Start time:00:32:42
Start date:04/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed""
Imagebase:0x7ff628160000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:165
Start time:00:32:42
Start date:04/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /d /s /c "taskkill /IM chrome.exe /F"
Imagebase:0x7ff628160000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:166
Start time:00:32:42
Start date:04/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:167
Start time:00:32:42
Start date:04/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:168
Start time:00:32:42
Start date:04/12/2024
Path:C:\Windows\System32\wbem\WMIC.exe
Wow64 process (32bit):false
Commandline:wmic MemoryChip get /format:list
Imagebase:0x7ff602c90000
File size:576'000 bytes
MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:169
Start time:00:32:42
Start date:04/12/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /IM chrome.exe /F
Imagebase:0x7ff751070000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:170
                                                                                                                                                                                                                                                                    Start time:00:32:42
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\find.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:find /i "Speed"
                                                                                                                                                                                                                                                                    Imagebase:0x7ff6ed9c0000
                                                                                                                                                                                                                                                                    File size:17'920 bytes
                                                                                                                                                                                                                                                                    MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:171
                                                                                                                                                                                                                                                                    Start time:00:32:42
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
                                                                                                                                                                                                                                                                    Imagebase:0x7ff628160000
                                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:172
                                                                                                                                                                                                                                                                    Start time:00:32:42
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:173
                                                                                                                                                                                                                                                                    Start time:00:32:42
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:wmic path win32_VideoController get name
                                                                                                                                                                                                                                                                    Imagebase:0x7ff602c90000
                                                                                                                                                                                                                                                                    File size:576'000 bytes
                                                                                                                                                                                                                                                                    MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:174
                                                                                                                                                                                                                                                                    Start time:00:32:43
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
                                                                                                                                                                                                                                                                    Imagebase:0x7ff628160000
                                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:175
                                                                                                                                                                                                                                                                    Start time:00:32:43
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:176
                                                                                                                                                                                                                                                                    Start time:00:32:43
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
                                                                                                                                                                                                                                                                    Imagebase:0x7ff788560000
                                                                                                                                                                                                                                                                    File size:452'608 bytes
                                                                                                                                                                                                                                                                    MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:177
                                                                                                                                                                                                                                                                    Start time:00:32:43
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:"C:/Program Files (x86)/Microsoft/Edge/Application/msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --disable-gpu --no-sandbox --window-position=-32000,-32000
                                                                                                                                                                                                                                                                    Imagebase:0x7ff67dcd0000
                                                                                                                                                                                                                                                                    File size:4'210'216 bytes
                                                                                                                                                                                                                                                                    MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:178
                                                                                                                                                                                                                                                                    Start time:00:32:44
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mojo-platform-channel-handle=2072 --field-trial-handle=1972,i,2766285570963821738,1807897661508393279,262144 /prefetch:3
                                                                                                                                                                                                                                                                    Imagebase:0x7ff67dcd0000
                                                                                                                                                                                                                                                                    File size:4'210'216 bytes
                                                                                                                                                                                                                                                                    MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:179
                                                                                                                                                                                                                                                                    Start time:00:32:46
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
                                                                                                                                                                                                                                                                    Imagebase:0x7ff628160000
                                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:180
                                                                                                                                                                                                                                                                    Start time:00:32:46
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:182
                                                                                                                                                                                                                                                                    Start time:00:32:46
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:wmic bios get smbiosbiosversion
                                                                                                                                                                                                                                                                    Imagebase:0x7ff602c90000
                                                                                                                                                                                                                                                                    File size:576'000 bytes
                                                                                                                                                                                                                                                                    MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:183
                                                                                                                                                                                                                                                                    Start time:00:32:47
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed""
                                                                                                                                                                                                                                                                    Imagebase:0x7ff628160000
                                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:184
                                                                                                                                                                                                                                                                    Start time:00:32:47
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:185
                                                                                                                                                                                                                                                                    Start time:00:32:47
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:wmic MemoryChip get /format:list
                                                                                                                                                                                                                                                                    Imagebase:0x7ff602c90000
                                                                                                                                                                                                                                                                    File size:576'000 bytes
                                                                                                                                                                                                                                                                    MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:186
                                                                                                                                                                                                                                                                    Start time:00:32:47
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\find.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:find /i "Speed"
                                                                                                                                                                                                                                                                    Imagebase:0x7ff6ed9c0000
                                                                                                                                                                                                                                                                    File size:17'920 bytes
                                                                                                                                                                                                                                                                    MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:187
                                                                                                                                                                                                                                                                    Start time:00:32:47
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "wmic path win32_VideoController get name"
                                                                                                                                                                                                                                                                    Imagebase:0x7ff628160000
                                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:188
                                                                                                                                                                                                                                                                    Start time:00:32:47
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:189
                                                                                                                                                                                                                                                                    Start time:00:32:47
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:wmic path win32_VideoController get name
                                                                                                                                                                                                                                                                    Imagebase:0x7ff602c90000
                                                                                                                                                                                                                                                                    File size:576'000 bytes
                                                                                                                                                                                                                                                                    MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:190
                                                                                                                                                                                                                                                                    Start time:00:32:48
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName"
                                                                                                                                                                                                                                                                    Imagebase:0x7ff628160000
                                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:191
                                                                                                                                                                                                                                                                    Start time:00:32:48
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:192
                                                                                                                                                                                                                                                                    Start time:00:32:48
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName
                                                                                                                                                                                                                                                                    Imagebase:0x7ff788560000
                                                                                                                                                                                                                                                                    File size:452'608 bytes
                                                                                                                                                                                                                                                                    MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:193
                                                                                                                                                                                                                                                                    Start time:00:32:48
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\dllhost.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
                                                                                                                                                                                                                                                                    Imagebase:0x7ff70f330000
                                                                                                                                                                                                                                                                    File size:21'312 bytes
                                                                                                                                                                                                                                                                    MD5 hash:08EB78E5BE019DF044C26B14703BD1FA
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:194
                                                                                                                                                                                                                                                                    Start time:00:32:49
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
                                                                                                                                                                                                                                                                    Imagebase:0x7ff628160000
                                                                                                                                                                                                                                                                    File size:289'792 bytes
                                                                                                                                                                                                                                                                    MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                                                    Target ID:195
                                                                                                                                                                                                                                                                    Start time:00:32:49
                                                                                                                                                                                                                                                                    Start date:04/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:200
Start time:00:32:49
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:216
Start time:00:32:50
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:227
Start time:00:32:50
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:232
Start time:00:32:50
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:251
Start time:00:32:51
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:252
Start time:00:32:52
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:256
Start time:00:32:52
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:263
Start time:00:32:52
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:273
Start time:00:32:53
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                                    Target ID:278
                                                                                                                                                                                                                                                                    Start time:00:32:53
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                                    Target ID:284
                                                                                                                                                                                                                                                                    Start time:00:32:53
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                                    Target ID:299
                                                                                                                                                                                                                                                                    Start time:00:32:54
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                                    Target ID:304
                                                                                                                                                                                                                                                                    Start time:00:32:54
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                                    Target ID:315
                                                                                                                                                                                                                                                                    Start time:00:32:55
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                                    Target ID:336
                                                                                                                                                                                                                                                                    Start time:00:32:55
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                                    Target ID:366
                                                                                                                                                                                                                                                                    Start time:00:32:57
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                                    Target ID:377
                                                                                                                                                                                                                                                                    Start time:00:32:57
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in: C, C++ or other language
Has exited: false

Target ID: 382
Start time: 00:32:57
Start date: 04/12/2024
Path: C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in: C, C++ or other language
Has exited: false

Target ID: 403
Start time: 00:32:58
Start date: 04/12/2024
Path: C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in: C, C++ or other language
Has exited: false

Target ID: 413
Start time: 00:32:59
Start date: 04/12/2024
Path: C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in: C, C++ or other language
Has exited: false

Target ID: 418
Start time: 00:32:59
Start date: 04/12/2024
Path: C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in: C, C++ or other language
Has exited: false

Target ID: 434
Start time: 00:32:59
Start date: 04/12/2024
Path: C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in: C, C++ or other language
Has exited: false

Target ID: 444
Start time: 00:33:01
Start date: 04/12/2024
Path: C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in: C, C++ or other language
Has exited: false

Target ID: 450
Start time: 00:33:01
Start date: 04/12/2024
Path: C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in: C, C++ or other language
Has exited: false

Target ID: 455
Start time: 00:33:01
Start date: 04/12/2024
Path: C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in: C, C++ or other language
Has exited: false

Target ID: 460
Start time: 00:33:02
Start date: 04/12/2024
Path: C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in: C, C++ or other language
Has exited: false

                                                                                                                                                                                                                                                                    Target ID:471
                                                                                                                                                                                                                                                                    Start time:00:33:02
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                                    Target ID:476
                                                                                                                                                                                                                                                                    Start time:00:33:02
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                                    Target ID:481
                                                                                                                                                                                                                                                                    Start time:00:33:02
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                                    Target ID:486
                                                                                                                                                                                                                                                                    Start time:00:33:03
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                                    Target ID:492
                                                                                                                                                                                                                                                                    Start time:00:33:03
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                    Imagebase:0x7ff68cef0000
                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                                    Target ID:497
                                                                                                                                                                                                                                                                    Start time:00:33:03
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                                    Target ID:502
                                                                                                                                                                                                                                                                    Start time:00:33:03
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                                    Target ID:507
                                                                                                                                                                                                                                                                    Start time:00:33:04
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                                    Target ID:539
                                                                                                                                                                                                                                                                    Start time:00:33:05
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                                    Target ID:544
                                                                                                                                                                                                                                                                    Start time:00:33:05
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                                    Target ID:549
                                                                                                                                                                                                                                                                    Start time:00:33:05
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                                    Target ID:555
                                                                                                                                                                                                                                                                    Start time:00:33:06
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                                    Target ID:570
                                                                                                                                                                                                                                                                    Start time:00:33:06
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                                    Target ID:576
                                                                                                                                                                                                                                                                    Start time:00:33:06
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                                    Target ID:586
                                                                                                                                                                                                                                                                    Start time:00:33:07
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                                    Target ID:591
                                                                                                                                                                                                                                                                    Start time:00:33:07
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:false

Target ID:597
Start time:00:33:07
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:612
Start time:00:33:08
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:623
Start time:00:33:09
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:639
Start time:00:33:09
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:644
Start time:00:33:10
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:649
Start time:00:33:10
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:654
Start time:00:33:10
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:665
Start time:00:33:11
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:681
Start time:00:33:12
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:686
Start time:00:33:12
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:696
Start time:00:33:12
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6eef20000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:702
Start time:00:33:13
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:707
Start time:00:33:13
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:717
Start time:00:33:13
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:728
Start time:00:33:14
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:733
Start time:00:33:15
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:749
Start time:00:33:15
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

Target ID:770
Start time:00:33:16
Start date:04/12/2024
Path:C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:C, C++ or other language
Has exited:false

                                                                                                                                                                                                                                                                    Target ID:775
                                                                                                                                                                                                                                                                    Start time:00:33:17
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                                    Target ID:780
                                                                                                                                                                                                                                                                    Start time:00:33:17
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                                    Target ID:786
                                                                                                                                                                                                                                                                    Start time:00:33:17
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                                    Target ID:791
                                                                                                                                                                                                                                                                    Start time:00:33:17
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                                    Target ID:796
                                                                                                                                                                                                                                                                    Start time:00:33:18
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                                    Target ID:807
                                                                                                                                                                                                                                                                    Start time:00:33:18
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                                    Target ID:833
                                                                                                                                                                                                                                                                    Start time:00:33:19
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                                    Target ID:838
                                                                                                                                                                                                                                                                    Start time:00:33:20
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                                    Target ID:854
                                                                                                                                                                                                                                                                    Start time:00:33:20
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                                    Target ID:864
                                                                                                                                                                                                                                                                    Start time:00:33:21
                                                                                                                                                                                                                                                                    Start date:04/12/2024
                                                                                                                                                                                                                                                                    Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                                    Wow64 process (32bit):
                                                                                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                    Imagebase:
                                                                                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                    Has elevated privileges:
                                                                                                                                                                                                                                                                    Has administrator privileges:
                                                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                                                                                      Execution Graph

                                                                                                                                                                                                                                                                      Execution Coverage:27%
                                                                                                                                                                                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                      Signature Coverage:20.2%
                                                                                                                                                                                                                                                                      Total number of Nodes:1333
                                                                                                                                                                                                                                                                      Total number of Limit Nodes:35
4061->4062 4065 401f31 4063->4065 4065->4061 4067 406201 wsprintfW 4065->4067 4067->4061 4068 40190c 4069 401943 4068->4069 4070 402c41 17 API calls 4069->4070 4071 401948 4070->4071 4072 4059cc 67 API calls 4071->4072 4073 401951 4072->4073 4074 40230c 4075 402314 4074->4075 4077 40231a 4074->4077 4076 402c41 17 API calls 4075->4076 4076->4077 4078 402328 4077->4078 4080 402c41 17 API calls 4077->4080 4079 402336 4078->4079 4081 402c41 17 API calls 4078->4081 4082 402c41 17 API calls 4079->4082 4080->4078 4081->4079 4083 40233f WritePrivateProfileStringW 4082->4083 4084 401f8c 4085 402c41 17 API calls 4084->4085 4086 401f93 4085->4086 4087 406694 5 API calls 4086->4087 4088 401fa2 4087->4088 4089 402026 4088->4089 4090 401fbe GlobalAlloc 4088->4090 4090->4089 4091 401fd2 4090->4091 4092 406694 5 API calls 4091->4092 4093 401fd9 4092->4093 4094 406694 5 API calls 4093->4094 4095 401fe3 4094->4095 4095->4089 4099 406201 wsprintfW 4095->4099 4097 402018 4100 406201 wsprintfW 4097->4100 4099->4097 4100->4089 4101 40238e 4102 4023c1 4101->4102 4103 402396 4101->4103 4105 402c41 17 API calls 4102->4105 4104 402c81 17 API calls 4103->4104 4107 40239d 4104->4107 4106 4023c8 4105->4106 4112 402cff 4106->4112 4109 4023d5 4107->4109 4110 402c41 17 API calls 4107->4110 4111 4023ae RegDeleteValueW RegCloseKey 4110->4111 4111->4109 4113 402d13 4112->4113 4115 402d0c 4112->4115 4113->4115 4116 402d44 4113->4116 4115->4109 4117 406127 RegOpenKeyExW 4116->4117 4118 402d72 4117->4118 4119 402d98 RegEnumKeyW 4118->4119 4120 402daf RegCloseKey 4118->4120 4121 402dd0 RegCloseKey 4118->4121 4123 402d44 6 API calls 4118->4123 4126 402dc3 4118->4126 4119->4118 4119->4120 4122 406694 5 API calls 4120->4122 4121->4126 4124 402dbf 4122->4124 4123->4118 4125 402de0 RegDeleteKeyW 4124->4125 4124->4126 4125->4126 4126->4115 3363 40338f SetErrorMode GetVersion 3364 4033ce 3363->3364 3365 4033d4 3363->3365 3366 406694 5 API calls 3364->3366 3367 406624 3 API calls 3365->3367 3366->3365 3368 
4033ea lstrlenA 3367->3368 3368->3365 3369 4033fa 3368->3369 3370 406694 5 API calls 3369->3370 3371 403401 3370->3371 3372 406694 5 API calls 3371->3372 3373 403408 3372->3373 3374 406694 5 API calls 3373->3374 3375 403414 #17 OleInitialize SHGetFileInfoW 3374->3375 3453 4062ba lstrcpynW 3375->3453 3378 403460 GetCommandLineW 3454 4062ba lstrcpynW 3378->3454 3380 403472 3381 405bbc CharNextW 3380->3381 3382 403497 CharNextW 3381->3382 3383 4035c1 GetTempPathW 3382->3383 3394 4034b0 3382->3394 3455 40335e 3383->3455 3385 4035d9 3386 403633 DeleteFileW 3385->3386 3387 4035dd GetWindowsDirectoryW lstrcatW 3385->3387 3465 402edd GetTickCount GetModuleFileNameW 3386->3465 3388 40335e 12 API calls 3387->3388 3391 4035f9 3388->3391 3389 405bbc CharNextW 3389->3394 3391->3386 3393 4035fd GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 3391->3393 3392 403647 3395 4036fe ExitProcess CoUninitialize 3392->3395 3404 405bbc CharNextW 3392->3404 3436 4036ea 3392->3436 3396 40335e 12 API calls 3393->3396 3394->3389 3397 4035ac 3394->3397 3398 4035aa 3394->3398 3399 403834 3395->3399 3400 403714 3395->3400 3402 40362b 3396->3402 3549 4062ba lstrcpynW 3397->3549 3398->3383 3401 40383c GetCurrentProcess OpenProcessToken 3399->3401 3411 4038b8 ExitProcess 3399->3411 3406 405920 MessageBoxIndirectW 3400->3406 3408 403854 LookupPrivilegeValueW AdjustTokenPrivileges 3401->3408 3409 403888 3401->3409 3402->3386 3402->3395 3420 403666 3404->3420 3407 403722 ExitProcess 3406->3407 3408->3409 3413 406694 5 API calls 3409->3413 3410 4036fa 3410->3395 3416 40388f 3413->3416 3414 4036c4 3418 405c97 18 API calls 3414->3418 3415 40372a 3417 40588b 5 API calls 3415->3417 3419 4038a4 ExitWindowsEx 3416->3419 3423 4038b1 3416->3423 3421 40372f lstrcatW 3417->3421 3422 4036d0 3418->3422 3419->3411 3419->3423 3420->3414 3420->3415 3424 403740 lstrcatW 3421->3424 3425 40374b lstrcatW lstrcmpiW 3421->3425 3422->3395 3550 4062ba lstrcpynW 3422->3550 3557 40140b 3423->3557 
3424->3425 3425->3395 3427 403767 3425->3427 3429 403773 3427->3429 3430 40376c 3427->3430 3434 40586e 2 API calls 3429->3434 3432 4057f1 4 API calls 3430->3432 3431 4036df 3551 4062ba lstrcpynW 3431->3551 3435 403771 3432->3435 3437 403778 SetCurrentDirectoryW 3434->3437 3435->3437 3493 4039aa 3436->3493 3438 403793 3437->3438 3439 403788 3437->3439 3553 4062ba lstrcpynW 3438->3553 3552 4062ba lstrcpynW 3439->3552 3442 4062dc 17 API calls 3443 4037d2 DeleteFileW 3442->3443 3444 4037df CopyFileW 3443->3444 3450 4037a1 3443->3450 3444->3450 3445 403828 3446 406080 36 API calls 3445->3446 3448 40382f 3446->3448 3447 406080 36 API calls 3447->3450 3448->3395 3449 4062dc 17 API calls 3449->3450 3450->3442 3450->3445 3450->3447 3450->3449 3452 403813 CloseHandle 3450->3452 3554 4058a3 CreateProcessW 3450->3554 3452->3450 3453->3378 3454->3380 3456 40654e 5 API calls 3455->3456 3458 40336a 3456->3458 3457 403374 3457->3385 3458->3457 3459 405b8f 3 API calls 3458->3459 3460 40337c 3459->3460 3461 40586e 2 API calls 3460->3461 3462 403382 3461->3462 3560 405ddf 3462->3560 3564 405db0 GetFileAttributesW CreateFileW 3465->3564 3467 402f1d 3492 402f2d 3467->3492 3565 4062ba lstrcpynW 3467->3565 3469 402f43 3470 405bdb 2 API calls 3469->3470 3471 402f49 3470->3471 3566 4062ba lstrcpynW 3471->3566 3473 402f54 GetFileSize 3474 403050 3473->3474 3491 402f6b 3473->3491 3567 402e79 3474->3567 3476 403059 3478 403089 GlobalAlloc 3476->3478 3476->3492 3579 403347 SetFilePointer 3476->3579 3477 403331 ReadFile 3477->3491 3578 403347 SetFilePointer 3478->3578 3480 4030bc 3482 402e79 6 API calls 3480->3482 3482->3492 3483 403072 3485 403331 ReadFile 3483->3485 3484 4030a4 3486 403116 31 API calls 3484->3486 3487 40307d 3485->3487 3489 4030b0 3486->3489 3487->3478 3487->3492 3488 402e79 6 API calls 3488->3491 3489->3489 3490 4030ed SetFilePointer 3489->3490 3489->3492 3490->3492 3491->3474 3491->3477 3491->3480 3491->3488 3491->3492 3492->3392 3494 406694 5 API calls 3493->3494 3495 
4039be 3494->3495 3496 4039c4 3495->3496 3497 4039d6 3495->3497 3592 406201 wsprintfW 3496->3592 3498 406188 3 API calls 3497->3498 3499 403a06 3498->3499 3501 403a25 lstrcatW 3499->3501 3503 406188 3 API calls 3499->3503 3502 4039d4 3501->3502 3584 403c80 3502->3584 3503->3501 3506 405c97 18 API calls 3507 403a57 3506->3507 3508 403aeb 3507->3508 3510 406188 3 API calls 3507->3510 3509 405c97 18 API calls 3508->3509 3511 403af1 3509->3511 3512 403a89 3510->3512 3513 403b01 LoadImageW 3511->3513 3514 4062dc 17 API calls 3511->3514 3512->3508 3517 403aaa lstrlenW 3512->3517 3520 405bbc CharNextW 3512->3520 3515 403ba7 3513->3515 3516 403b28 RegisterClassW 3513->3516 3514->3513 3519 40140b 2 API calls 3515->3519 3518 403b5e SystemParametersInfoW CreateWindowExW 3516->3518 3548 403bb1 3516->3548 3521 403ab8 lstrcmpiW 3517->3521 3522 403ade 3517->3522 3518->3515 3523 403bad 3519->3523 3524 403aa7 3520->3524 3521->3522 3525 403ac8 GetFileAttributesW 3521->3525 3526 405b8f 3 API calls 3522->3526 3528 403c80 18 API calls 3523->3528 3523->3548 3524->3517 3527 403ad4 3525->3527 3529 403ae4 3526->3529 3527->3522 3531 405bdb 2 API calls 3527->3531 3532 403bbe 3528->3532 3593 4062ba lstrcpynW 3529->3593 3531->3522 3533 403bca ShowWindow 3532->3533 3534 403c4d 3532->3534 3535 406624 3 API calls 3533->3535 3536 4053f5 5 API calls 3534->3536 3537 403be2 3535->3537 3538 403c53 3536->3538 3539 403bf0 GetClassInfoW 3537->3539 3542 406624 3 API calls 3537->3542 3540 403c57 3538->3540 3541 403c6f 3538->3541 3544 403c04 GetClassInfoW RegisterClassW 3539->3544 3545 403c1a DialogBoxParamW 3539->3545 3546 40140b 2 API calls 3540->3546 3540->3548 3543 40140b 2 API calls 3541->3543 3542->3539 3543->3548 3544->3545 3547 40140b 2 API calls 3545->3547 3546->3548 3547->3548 3548->3410 3549->3398 3550->3431 3551->3436 3552->3438 3553->3450 3555 4058e2 3554->3555 3556 4058d6 CloseHandle 3554->3556 3555->3450 3556->3555 3558 401389 2 API calls 3557->3558 3559 401420 3558->3559 3559->3411 3561 
405dec GetTickCount GetTempFileNameW 3560->3561 3562 405e22 3561->3562 3563 40338d 3561->3563 3562->3561 3562->3563 3563->3385 3564->3467 3565->3469 3566->3473 3568 402e82 3567->3568 3569 402e9a 3567->3569 3570 402e92 3568->3570 3571 402e8b DestroyWindow 3568->3571 3572 402ea2 3569->3572 3573 402eaa GetTickCount 3569->3573 3570->3476 3571->3570 3580 4066d0 3572->3580 3575 402eb8 CreateDialogParamW ShowWindow 3573->3575 3576 402edb 3573->3576 3575->3576 3576->3476 3578->3484 3579->3483 3581 4066ed PeekMessageW 3580->3581 3582 4066e3 DispatchMessageW 3581->3582 3583 402ea8 3581->3583 3582->3581 3583->3476 3585 403c94 3584->3585 3594 406201 wsprintfW 3585->3594 3587 403d05 3595 403d39 3587->3595 3589 403d0a 3590 403a35 3589->3590 3591 4062dc 17 API calls 3589->3591 3590->3506 3591->3589 3592->3502 3593->3508 3594->3587 3596 4062dc 17 API calls 3595->3596 3597 403d47 SetWindowTextW 3596->3597 3597->3589 4127 40190f 4128 402c41 17 API calls 4127->4128 4129 401916 4128->4129 4130 405920 MessageBoxIndirectW 4129->4130 4131 40191f 4130->4131 4132 401491 4133 405322 24 API calls 4132->4133 4134 401498 4133->4134 4135 401d14 4136 402c1f 17 API calls 4135->4136 4137 401d1b 4136->4137 4138 402c1f 17 API calls 4137->4138 4139 401d27 GetDlgItem 4138->4139 4140 402592 4139->4140 4141 405296 4142 4052a6 4141->4142 4143 4052ba 4141->4143 4145 4052ac 4142->4145 4153 405303 4142->4153 4144 4052c2 IsWindowVisible 4143->4144 4147 4052d9 4143->4147 4146 4052cf 4144->4146 4144->4153 4149 40427d SendMessageW 4145->4149 4154 404bec SendMessageW 4146->4154 4148 405308 CallWindowProcW 4147->4148 4159 404c6c 4147->4159 4150 4052b6 4148->4150 4149->4150 4153->4148 4155 404c4b SendMessageW 4154->4155 4156 404c0f GetMessagePos ScreenToClient SendMessageW 4154->4156 4157 404c43 4155->4157 4156->4157 4158 404c48 4156->4158 4157->4147 4158->4155 4168 4062ba lstrcpynW 4159->4168 4161 404c7f 4169 406201 wsprintfW 4161->4169 4163 404c89 4164 40140b 2 API calls 4163->4164 4165 404c92 4164->4165 4170 
4062ba lstrcpynW 4165->4170 4167 404c99 4167->4153 4168->4161 4169->4163 4170->4167 4171 402598 4172 4025c7 4171->4172 4173 4025ac 4171->4173 4175 4025fb 4172->4175 4176 4025cc 4172->4176 4174 402c1f 17 API calls 4173->4174 4181 4025b3 4174->4181 4178 402c41 17 API calls 4175->4178 4177 402c41 17 API calls 4176->4177 4179 4025d3 WideCharToMultiByte lstrlenA 4177->4179 4180 402602 lstrlenW 4178->4180 4179->4181 4180->4181 4182 40262f 4181->4182 4183 402645 4181->4183 4185 405e91 5 API calls 4181->4185 4182->4183 4184 405e62 WriteFile 4182->4184 4184->4183 4185->4182 4186 404c9e GetDlgItem GetDlgItem 4187 404cf0 7 API calls 4186->4187 4194 404f09 4186->4194 4188 404d93 DeleteObject 4187->4188 4189 404d86 SendMessageW 4187->4189 4190 404d9c 4188->4190 4189->4188 4192 404dd3 4190->4192 4193 4062dc 17 API calls 4190->4193 4191 404fed 4196 405099 4191->4196 4207 405046 SendMessageW 4191->4207 4229 404efc 4191->4229 4195 404231 18 API calls 4192->4195 4198 404db5 SendMessageW SendMessageW 4193->4198 4194->4191 4197 404f7a 4194->4197 4205 404bec 5 API calls 4194->4205 4201 404de7 4195->4201 4199 4050a3 SendMessageW 4196->4199 4200 4050ab 4196->4200 4197->4191 4203 404fdf SendMessageW 4197->4203 4198->4190 4199->4200 4204 4050d4 4200->4204 4209 4050c4 4200->4209 4210 4050bd ImageList_Destroy 4200->4210 4206 404231 18 API calls 4201->4206 4202 404298 8 API calls 4208 40528f 4202->4208 4203->4191 4212 405243 4204->4212 4228 404c6c 4 API calls 4204->4228 4233 40510f 4204->4233 4205->4197 4211 404df5 4206->4211 4213 40505b SendMessageW 4207->4213 4207->4229 4209->4204 4214 4050cd GlobalFree 4209->4214 4210->4209 4215 404eca GetWindowLongW SetWindowLongW 4211->4215 4222 404ec4 4211->4222 4225 404e45 SendMessageW 4211->4225 4226 404e81 SendMessageW 4211->4226 4227 404e92 SendMessageW 4211->4227 4216 405255 ShowWindow GetDlgItem ShowWindow 4212->4216 4212->4229 4218 40506e 4213->4218 4214->4204 4217 404ee3 4215->4217 4216->4229 4219 404f01 4217->4219 4220 404ee9 ShowWindow 
4217->4220 4221 40507f SendMessageW 4218->4221 4238 404266 SendMessageW 4219->4238 4237 404266 SendMessageW 4220->4237 4221->4196 4222->4215 4222->4217 4225->4211 4226->4211 4227->4211 4228->4233 4229->4202 4230 405219 InvalidateRect 4230->4212 4231 40522f 4230->4231 4239 404ba7 4231->4239 4232 40513d SendMessageW 4236 405153 4232->4236 4233->4232 4233->4236 4235 4051c7 SendMessageW SendMessageW 4235->4236 4236->4230 4236->4235 4237->4229 4238->4194 4242 404ade 4239->4242 4241 404bbc 4241->4212 4243 404af7 4242->4243 4244 4062dc 17 API calls 4243->4244 4245 404b5b 4244->4245 4246 4062dc 17 API calls 4245->4246 4247 404b66 4246->4247 4248 4062dc 17 API calls 4247->4248 4249 404b7c lstrlenW wsprintfW SetDlgItemTextW 4248->4249 4249->4241 4250 40149e 4251 4022f7 4250->4251 4252 4014ac PostQuitMessage 4250->4252 4252->4251 3750 401c1f 3751 402c1f 17 API calls 3750->3751 3752 401c26 3751->3752 3753 402c1f 17 API calls 3752->3753 3754 401c33 3753->3754 3755 401c48 3754->3755 3757 402c41 17 API calls 3754->3757 3756 401c58 3755->3756 3758 402c41 17 API calls 3755->3758 3759 401c63 3756->3759 3760 401caf 3756->3760 3757->3755 3758->3756 3761 402c1f 17 API calls 3759->3761 3762 402c41 17 API calls 3760->3762 3763 401c68 3761->3763 3764 401cb4 3762->3764 3765 402c1f 17 API calls 3763->3765 3766 402c41 17 API calls 3764->3766 3767 401c74 3765->3767 3768 401cbd FindWindowExW 3766->3768 3769 401c81 SendMessageTimeoutW 3767->3769 3770 401c9f SendMessageW 3767->3770 3771 401cdf 3768->3771 3769->3771 3770->3771 4253 402aa0 SendMessageW 4254 402ac5 4253->4254 4255 402aba InvalidateRect 4253->4255 4255->4254 4256 402821 4257 402827 4256->4257 4258 402ac5 4257->4258 4259 40282f FindClose 4257->4259 4259->4258 4260 4043a1 lstrlenW 4261 4043c0 4260->4261 4262 4043c2 WideCharToMultiByte 4260->4262 4261->4262 4263 404722 4264 40474e 4263->4264 4265 40475f 4263->4265 4324 405904 GetDlgItemTextW 4264->4324 4267 40476b GetDlgItem 4265->4267 4273 4047ca 4265->4273 4269 40477f 4267->4269 4268 
404759 4271 40654e 5 API calls 4268->4271 4272 404793 SetWindowTextW 4269->4272 4280 405c3a 4 API calls 4269->4280 4270 4048ae 4274 404a5d 4270->4274 4326 405904 GetDlgItemTextW 4270->4326 4271->4265 4276 404231 18 API calls 4272->4276 4273->4270 4273->4274 4277 4062dc 17 API calls 4273->4277 4279 404298 8 API calls 4274->4279 4281 4047af 4276->4281 4282 40483e SHBrowseForFolderW 4277->4282 4278 4048de 4283 405c97 18 API calls 4278->4283 4284 404a71 4279->4284 4285 404789 4280->4285 4286 404231 18 API calls 4281->4286 4282->4270 4287 404856 CoTaskMemFree 4282->4287 4288 4048e4 4283->4288 4285->4272 4291 405b8f 3 API calls 4285->4291 4289 4047bd 4286->4289 4290 405b8f 3 API calls 4287->4290 4327 4062ba lstrcpynW 4288->4327 4325 404266 SendMessageW 4289->4325 4293 404863 4290->4293 4291->4272 4296 40489a SetDlgItemTextW 4293->4296 4300 4062dc 17 API calls 4293->4300 4295 4047c3 4298 406694 5 API calls 4295->4298 4296->4270 4297 4048fb 4299 406694 5 API calls 4297->4299 4298->4273 4307 404902 4299->4307 4301 404882 lstrcmpiW 4300->4301 4301->4296 4304 404893 lstrcatW 4301->4304 4302 404943 4328 4062ba lstrcpynW 4302->4328 4304->4296 4305 40494a 4306 405c3a 4 API calls 4305->4306 4308 404950 GetDiskFreeSpaceW 4306->4308 4307->4302 4310 405bdb 2 API calls 4307->4310 4312 40499b 4307->4312 4311 404974 MulDiv 4308->4311 4308->4312 4310->4307 4311->4312 4313 404a0c 4312->4313 4314 404ba7 20 API calls 4312->4314 4315 404a2f 4313->4315 4317 40140b 2 API calls 4313->4317 4316 4049f9 4314->4316 4329 404253 KiUserCallbackDispatcher 4315->4329 4319 404a0e SetDlgItemTextW 4316->4319 4320 4049fe 4316->4320 4317->4315 4319->4313 4322 404ade 20 API calls 4320->4322 4321 404a4b 4321->4274 4323 40467b SendMessageW 4321->4323 4322->4313 4323->4274 4324->4268 4325->4295 4326->4278 4327->4297 4328->4305 4329->4321 4330 4015a3 4331 402c41 17 API calls 4330->4331 4332 4015aa SetFileAttributesW 4331->4332 4333 4015bc 4332->4333 4334 4029a8 4335 402c1f 17 API calls 4334->4335 4336 4029ae 
4335->4336 4337 4029d5 4336->4337 4338 4029ee 4336->4338 4346 40288b 4336->4346 4341 4029da 4337->4341 4347 4029eb 4337->4347 4339 402a08 4338->4339 4340 4029f8 4338->4340 4343 4062dc 17 API calls 4339->4343 4342 402c1f 17 API calls 4340->4342 4348 4062ba lstrcpynW 4341->4348 4342->4347 4343->4347 4347->4346 4349 406201 wsprintfW 4347->4349 4348->4346 4349->4346 4350 4028ad 4351 402c41 17 API calls 4350->4351 4353 4028bb 4351->4353 4352 4028d1 4355 405d8b 2 API calls 4352->4355 4353->4352 4354 402c41 17 API calls 4353->4354 4354->4352 4356 4028d7 4355->4356 4378 405db0 GetFileAttributesW CreateFileW 4356->4378 4358 4028e4 4359 4028f0 GlobalAlloc 4358->4359 4360 402987 4358->4360 4363 402909 4359->4363 4364 40297e CloseHandle 4359->4364 4361 4029a2 4360->4361 4362 40298f DeleteFileW 4360->4362 4362->4361 4379 403347 SetFilePointer 4363->4379 4364->4360 4366 40290f 4367 403331 ReadFile 4366->4367 4368 402918 GlobalAlloc 4367->4368 4369 402928 4368->4369 4370 40295c 4368->4370 4371 403116 31 API calls 4369->4371 4372 405e62 WriteFile 4370->4372 4374 402935 4371->4374 4373 402968 GlobalFree 4372->4373 4375 403116 31 API calls 4373->4375 4376 402953 GlobalFree 4374->4376 4377 40297b 4375->4377 4376->4370 4377->4364 4378->4358 4379->4366 4380 401a30 4381 402c41 17 API calls 4380->4381 4382 401a39 ExpandEnvironmentStringsW 4381->4382 4383 401a4d 4382->4383 4385 401a60 4382->4385 4384 401a52 lstrcmpW 4383->4384 4383->4385 4384->4385 3609 402032 3610 402044 3609->3610 3620 4020f6 3609->3620 3611 402c41 17 API calls 3610->3611 3613 40204b 3611->3613 3612 401423 24 API calls 3614 402250 3612->3614 3615 402c41 17 API calls 3613->3615 3616 402054 3615->3616 3617 40206a LoadLibraryExW 3616->3617 3618 40205c GetModuleHandleW 3616->3618 3619 40207b 3617->3619 3617->3620 3618->3617 3618->3619 3629 406703 WideCharToMultiByte 3619->3629 3620->3612 3623 4020c5 3625 405322 24 API calls 3623->3625 3624 40208c 3626 401423 24 API calls 3624->3626 3627 40209c 3624->3627 3625->3627 
3626->3627 3627->3614 3628 4020e8 FreeLibrary 3627->3628 3628->3614 3630 40672d GetProcAddress 3629->3630 3631 402086 3629->3631 3630->3631 3631->3623 3631->3624 4391 401735 4392 402c41 17 API calls 4391->4392 4393 40173c SearchPathW 4392->4393 4394 401757 4393->4394 4395 402a35 4396 402c1f 17 API calls 4395->4396 4397 402a3b 4396->4397 4398 402a72 4397->4398 4399 40288b 4397->4399 4401 402a4d 4397->4401 4398->4399 4400 4062dc 17 API calls 4398->4400 4400->4399 4401->4399 4403 406201 wsprintfW 4401->4403 4403->4399 4404 4014b8 4405 4014be 4404->4405 4406 401389 2 API calls 4405->4406 4407 4014c6 4406->4407 4408 401db9 GetDC 4409 402c1f 17 API calls 4408->4409 4410 401dcb GetDeviceCaps MulDiv ReleaseDC 4409->4410 4411 402c1f 17 API calls 4410->4411 4412 401dfc 4411->4412 4413 4062dc 17 API calls 4412->4413 4414 401e39 CreateFontIndirectW 4413->4414 4415 402592 4414->4415 4416 40283b 4417 402843 4416->4417 4418 402847 FindNextFileW 4417->4418 4421 402859 4417->4421 4419 4028a0 4418->4419 4418->4421 4422 4062ba lstrcpynW 4419->4422 4422->4421

Control-flow Graph

[Figure: control-flow graph; legend: Executed, Not Executed]
APIs
• SetErrorMode.KERNELBASE ref: 004033B2
• GetVersion.KERNEL32 ref: 004033B8
• lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 004033EB
• #17.COMCTL32(?,00000006,00000008,0000000A), ref: 00403428
• OleInitialize.OLE32(00000000), ref: 0040342F
• SHGetFileInfoW.SHELL32(00440208,00000000,?,000002B4,00000000), ref: 0040344B
• GetCommandLineW.KERNEL32(00472EE0,NSIS Error,?,00000006,00000008,0000000A), ref: 00403460
• CharNextW.USER32(00000000,004CB000,00000020,004CB000,00000000,?,00000006,00000008,0000000A), ref: 00403498
  • Part of subcall function 00406694: GetModuleHandleA.KERNEL32(?,00000020,?,00403401,0000000A), ref: 004066A6
  • Part of subcall function 00406694: GetProcAddress.KERNEL32(00000000,?), ref: 004066C1
• GetTempPathW.KERNEL32(00002000,004DF000,?,00000006,00000008,0000000A), ref: 004035D2
• GetWindowsDirectoryW.KERNEL32(004DF000,00001FFB,?,00000006,00000008,0000000A), ref: 004035E3
• lstrcatW.KERNEL32(004DF000,\Temp,?,00000006,00000008,0000000A), ref: 004035EF
• GetTempPathW.KERNEL32(00001FFC,004DF000,004DF000,\Temp,?,00000006,00000008,0000000A), ref: 00403603
• lstrcatW.KERNEL32(004DF000,Low,?,00000006,00000008,0000000A), ref: 0040360B
• SetEnvironmentVariableW.KERNEL32(TEMP,004DF000,004DF000,Low,?,00000006,00000008,0000000A), ref: 0040361C
• SetEnvironmentVariableW.KERNEL32(TMP,004DF000,?,00000006,00000008,0000000A), ref: 00403624
• DeleteFileW.KERNELBASE(004DB000,?,00000006,00000008,0000000A), ref: 00403638
  • Part of subcall function 004062BA: lstrcpynW.KERNEL32(?,?,00002000,00403460,00472EE0,NSIS Error,?,00000006,00000008,0000000A), ref: 004062C7
• ExitProcess.KERNEL32(00000006,?,00000006,00000008,0000000A), ref: 004036FE
• CoUninitialize.COMBASE(00000006,?,00000006,00000008,0000000A), ref: 00403703
• ExitProcess.KERNEL32 ref: 00403724
• lstrcatW.KERNEL32(004DF000,~nsu,004CB000,00000000,00000006,?,00000006,00000008,0000000A), ref: 00403737
• lstrcatW.KERNEL32(004DF000,0040A26C,004DF000,~nsu,004CB000,00000000,00000006,?,00000006,00000008,0000000A), ref: 00403746
• lstrcatW.KERNEL32(004DF000,.tmp,004DF000,~nsu,004CB000,00000000,00000006,?,00000006,00000008,0000000A), ref: 00403751
• lstrcmpiW.KERNEL32(004DF000,004D7000,004DF000,.tmp,004DF000,~nsu,004CB000,00000000,00000006,?,00000006,00000008,0000000A), ref: 0040375D
                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNEL32(004DF000,004DF000,?,00000006,00000008,0000000A), ref: 00403779
                                                                                                                                                                                                                                                                      • DeleteFileW.KERNEL32(0043C208,0043C208,?,0047B000,00000008,?,00000006,00000008,0000000A), ref: 004037D3
                                                                                                                                                                                                                                                                      • CopyFileW.KERNEL32(004E7000,0043C208,00000001,?,00000006,00000008,0000000A), ref: 004037E7
                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,0043C208,0043C208,?,0043C208,00000000,?,00000006,00000008,0000000A), ref: 00403814
                                                                                                                                                                                                                                                                      • GetCurrentProcess.KERNEL32(00000028,0000000A,00000006,00000008,0000000A), ref: 00403843
                                                                                                                                                                                                                                                                      • OpenProcessToken.ADVAPI32(00000000), ref: 0040384A
                                                                                                                                                                                                                                                                      • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 0040385F
                                                                                                                                                                                                                                                                      • AdjustTokenPrivileges.ADVAPI32 ref: 00403882
                                                                                                                                                                                                                                                                      • ExitWindowsEx.USER32(00000002,80040002), ref: 004038A7
                                                                                                                                                                                                                                                                      • ExitProcess.KERNEL32 ref: 004038CA
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Kameta Setup 1.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Processlstrcat$ExitFile$CurrentDeleteDirectoryEnvironmentHandlePathTempTokenVariableWindows$AddressAdjustCharCloseCommandCopyErrorInfoInitializeLineLookupModeModuleNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrcmpilstrcpynlstrlen
                                                                                                                                                                                                                                                                      • String ID: .tmp$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu

                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,00000403), ref: 004054BF
                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,000003EE), ref: 004054CE
                                                                                                                                                                                                                                                                      • GetClientRect.USER32(?,?), ref: 0040550B
                                                                                                                                                                                                                                                                      • GetSystemMetrics.USER32(00000002), ref: 00405512
                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001061,00000000,?), ref: 00405533
                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 00405544
                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 00405557
                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 00405565
                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405578
                                                                                                                                                                                                                                                                      • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040559A
                                                                                                                                                                                                                                                                      • ShowWindow.USER32(?,00000008), ref: 004055AE
                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,000003EC), ref: 004055CF
                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 004055DF
                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004055F8
                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405604
                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,000003F8), ref: 004054DD
                                                                                                                                                                                                                                                                        • Part of subcall function 00404266: SendMessageW.USER32(00000028,?,00000001,00404091), ref: 00404274
                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,000003EC), ref: 00405621
                                                                                                                                                                                                                                                                      • CreateThread.KERNELBASE(00000000,00000000,Function_000053F5,00000000), ref: 0040562F
                                                                                                                                                                                                                                                                      • CloseHandle.KERNELBASE(00000000), ref: 00405636
                                                                                                                                                                                                                                                                      • ShowWindow.USER32(00000000), ref: 0040565A
                                                                                                                                                                                                                                                                      • ShowWindow.USER32(?,00000008), ref: 0040565F
                                                                                                                                                                                                                                                                      • ShowWindow.USER32(00000008), ref: 004056A9
                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004056DD
                                                                                                                                                                                                                                                                      • CreatePopupMenu.USER32 ref: 004056EE
                                                                                                                                                                                                                                                                      • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 00405702
                                                                                                                                                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 00405722
                                                                                                                                                                                                                                                                      • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 0040573B
                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405773
                                                                                                                                                                                                                                                                      • OpenClipboard.USER32(00000000), ref: 00405783
                                                                                                                                                                                                                                                                      • EmptyClipboard.USER32 ref: 00405789
                                                                                                                                                                                                                                                                      • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405795
                                                                                                                                                                                                                                                                      • GlobalLock.KERNEL32(00000000), ref: 0040579F
                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001073,00000000,?), ref: 004057B3
                                                                                                                                                                                                                                                                      • GlobalUnlock.KERNEL32(00000000), ref: 004057D3
                                                                                                                                                                                                                                                                      • SetClipboardData.USER32(0000000D,00000000), ref: 004057DE
                                                                                                                                                                                                                                                                      • CloseClipboard.USER32 ref: 004057E4
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Kameta Setup 1.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                                                                                                                                                                      • String ID: {

                                                                                                                                                                                                                                                                      Control-flow Graph

• Graph of the function starting at 4059cc (graph image not reproduced; legend: Executed / Not Executed)
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • DeleteFileW.KERNELBASE(?,?,004DF000,74DF3420,00000000), ref: 004059F5
                                                                                                                                                                                                                                                                      • lstrcatW.KERNEL32(00460250,\*.*,00460250,?,?,004DF000,74DF3420,00000000), ref: 00405A3D
                                                                                                                                                                                                                                                                      • lstrcatW.KERNEL32(?,0040A014,?,00460250,?,?,004DF000,74DF3420,00000000), ref: 00405A60
                                                                                                                                                                                                                                                                      • lstrlenW.KERNEL32(?,?,0040A014,?,00460250,?,?,004DF000,74DF3420,00000000), ref: 00405A66
                                                                                                                                                                                                                                                                      • FindFirstFileW.KERNELBASE(00460250,?,?,?,0040A014,?,00460250,?,?,004DF000,74DF3420,00000000), ref: 00405A76
                                                                                                                                                                                                                                                                      • FindNextFileW.KERNELBASE(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405B16
                                                                                                                                                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 00405B25
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Kameta Setup 1.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                                                                                                      • String ID: \*.*
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • FindFirstFileW.KERNELBASE(004DF000,00468298,00464250,00405CE0,00464250,00464250,00000000,00464250,00464250,004DF000,?,74DF3420,004059EC,?,004DF000,74DF3420), ref: 00406608
                                                                                                                                                                                                                                                                      • FindClose.KERNELBASE(00000000), ref: 00406614
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Kameta Setup 1.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • CoCreateInstance.OLE32(004085F0,?,00000001,004085E0,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402183
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Kameta Setup 1.jbxd
Similarity
• API ID: CreateInstance
• String ID:
• API String ID: 542301482-0

Control-flow Graph

APIs
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403D94
• ShowWindow.USER32(?), ref: 00403DB1
• DestroyWindow.USER32 ref: 00403DC5
• SetWindowLongW.USER32(?,00000000,00000000), ref: 00403DE1
• GetDlgItem.USER32(?,?), ref: 00403E02
• SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403E16
• IsWindowEnabled.USER32(00000000), ref: 00403E1D
• GetDlgItem.USER32(?,00000001), ref: 00403ECB
• GetDlgItem.USER32(?,00000002), ref: 00403ED5
• SetClassLongW.USER32(?,000000F2,?), ref: 00403EEF
• SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00403F40
• GetDlgItem.USER32(?,00000003), ref: 00403FE6
• ShowWindow.USER32(00000000,?), ref: 00404007
• KiUserCallbackDispatcher.NTDLL(?,?), ref: 00404019
• EnableWindow.USER32(?,?), ref: 00404034
• GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 0040404A
• EnableMenuItem.USER32(00000000), ref: 00404051
• SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 00404069
• SendMessageW.USER32(?,00000401,00000002,00000000), ref: 0040407C
• lstrlenW.KERNEL32(00450248,?,00450248,00000000), ref: 004040A6
• SetWindowTextW.USER32(?,00450248), ref: 004040BA
• ShowWindow.USER32(?,0000000A), ref: 004041EE
Memory Dump Source
• Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Kameta Setup 1.jbxd
Similarity
• API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
• String ID:
• API String ID: 3282139019-0

Control-flow Graph

APIs
  • Part of subcall function 00406694: GetModuleHandleA.KERNEL32(?,00000020,?,00403401,0000000A), ref: 004066A6
  • Part of subcall function 00406694: GetProcAddress.KERNEL32(00000000,?), ref: 004066C1
• lstrcatW.KERNEL32(004DB000,00450248,80000001,Control Panel\Desktop\ResourceLocale,00000000,00450248,00000000,00000002,004DF000,74DF3420,004CB000,00000000), ref: 00403A2B
• lstrlenW.KERNEL32(Remove folder: ,?,?,?,Remove folder: ,00000000,004CF000,004DB000,00450248,80000001,Control Panel\Desktop\ResourceLocale,00000000,00450248,00000000,00000002,004DF000), ref: 00403AAB
• lstrcmpiW.KERNEL32(?,.exe,Remove folder: ,?,?,?,Remove folder: ,00000000,004CF000,004DB000,00450248,80000001,Control Panel\Desktop\ResourceLocale,00000000,00450248,00000000), ref: 00403ABE
• GetFileAttributesW.KERNEL32(Remove folder: ), ref: 00403AC9
• LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,004CF000), ref: 00403B12
  • Part of subcall function 00406201: wsprintfW.USER32 ref: 0040620E
• RegisterClassW.USER32(00472E80), ref: 00403B4F
• SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403B67
                                                                                                                                                                                                                                                                      • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403B9C
                                                                                                                                                                                                                                                                      • ShowWindow.USER32(00000005,00000000), ref: 00403BD2
                                                                                                                                                                                                                                                                      • GetClassInfoW.USER32(00000000,RichEdit20W,00472E80), ref: 00403BFE
                                                                                                                                                                                                                                                                      • GetClassInfoW.USER32(00000000,RichEdit,00472E80), ref: 00403C0B
                                                                                                                                                                                                                                                                      • RegisterClassW.USER32(00472E80), ref: 00403C14
                                                                                                                                                                                                                                                                      • DialogBoxParamW.USER32(?,00000000,00403D58,00000000), ref: 00403C33
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Kameta Setup 1.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                                                                      • String ID: .DEFAULT\Control Panel\International$.exe$Control Panel\Desktop\ResourceLocale$Remove folder: $RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb

                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • GetSystemDirectoryW.KERNEL32(Remove folder: ,00002000), ref: 0040641D
                                                                                                                                                                                                                                                                      • GetWindowsDirectoryW.KERNEL32(Remove folder: ,00002000,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\,?,00405359,Remove folder: C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\,00000000), ref: 00406430
                                                                                                                                                                                                                                                                      • SHGetSpecialFolderLocation.SHELL32(00405359,0042CE00,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\,?,00405359,Remove folder: C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\,00000000), ref: 0040646C
                                                                                                                                                                                                                                                                      • SHGetPathFromIDListW.SHELL32(0042CE00,Remove folder: ), ref: 0040647A
                                                                                                                                                                                                                                                                      • CoTaskMemFree.OLE32(0042CE00), ref: 00406485
                                                                                                                                                                                                                                                                      • lstrcatW.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 004064AB
                                                                                                                                                                                                                                                                      • lstrlenW.KERNEL32(Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\,?,00405359,Remove folder: C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\,00000000), ref: 00406503
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Kameta Setup 1.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                                                                                                                                                                                                                                                                      • String ID: Remove folder: $Remove folder: C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch

                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 00402EEE
                                                                                                                                                                                                                                                                      • GetModuleFileNameW.KERNEL32(00000000,004E7000,00002000,?,00000006,00000008,0000000A), ref: 00402F0A
                                                                                                                                                                                                                                                                        • Part of subcall function 00405DB0: GetFileAttributesW.KERNELBASE(004E7000,00402F1D,004E7000,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405DB4
                                                                                                                                                                                                                                                                        • Part of subcall function 00405DB0: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405DD6
                                                                                                                                                                                                                                                                      • GetFileSize.KERNEL32(00000000,00000000,004EB000,00000000,004D7000,004D7000,004E7000,004E7000,80000000,00000003,?,00000006,00000008,0000000A), ref: 00402F56
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 004030B5
                                                                                                                                                                                                                                                                      • Error launching installer, xrefs: 00402F2D
                                                                                                                                                                                                                                                                      • soft, xrefs: 00402FCB
                                                                                                                                                                                                                                                                      • Inst, xrefs: 00402FC2
                                                                                                                                                                                                                                                                      • Null, xrefs: 00402FD4
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Kameta Setup 1.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                                                                                                                                                                                                      • String ID: Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                                                                                                                                                                                                      • API String ID: 4283519449-527102705
                                                                                                                                                                                                                                                                      • Opcode ID: 6fdf7a3c576b274adc95fc68e3ac1b8cc101307f87f608dfe476064d1f7918cb
                                                                                                                                                                                                                                                                      • Instruction ID: d807cc789e5c0b6659aec278a7977cb1897ccc82e3fedab9e592eb30a9b28e48
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6fdf7a3c576b274adc95fc68e3ac1b8cc101307f87f608dfe476064d1f7918cb
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 23511671901205ABDB20AF61DD85B9F7FACEB0431AF20403BF914B62D5C7789E818B9D

                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                      control_flow_graph 561 40176f-401794 call 402c41 call 405c06 566 401796-40179c call 4062ba 561->566 567 40179e-4017b0 call 4062ba call 405b8f lstrcatW 561->567 572 4017b5-4017b6 call 40654e 566->572 567->572 576 4017bb-4017bf 572->576 577 4017c1-4017cb call 4065fd 576->577 578 4017f2-4017f5 576->578 586 4017dd-4017ef 577->586 587 4017cd-4017db CompareFileTime 577->587 580 4017f7-4017f8 call 405d8b 578->580 581 4017fd-401819 call 405db0 578->581 580->581 588 40181b-40181e 581->588 589 40188d-4018b6 call 405322 call 403116 581->589 586->578 587->586 590 401820-40185e call 4062ba * 2 call 4062dc call 4062ba call 405920 588->590 591 40186f-401879 call 405322 588->591 603 4018b8-4018bc 589->603 604 4018be-4018ca SetFileTime 589->604 590->576 623 401864-401865 590->623 601 401882-401888 591->601 605 402ace 601->605 603->604 607 4018d0-4018db CloseHandle 603->607 604->607 611 402ad0-402ad4 605->611 608 4018e1-4018e4 607->608 609 402ac5-402ac8 607->609 612 4018e6-4018f7 call 4062dc lstrcatW 608->612 613 4018f9-4018fc call 4062dc 608->613 609->605 619 401901-4022fc call 405920 612->619 613->619 619->609 619->611 623->601 625 401867-401868 623->625 625->591
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • lstrcatW.KERNEL32(00000000,00000000,ExecShellAsUser,004D3000,?,?,00000031), ref: 004017B0
                                                                                                                                                                                                                                                                      • CompareFileTime.KERNEL32(-00000014,?,ExecShellAsUser,ExecShellAsUser,00000000,00000000,ExecShellAsUser,004D3000,?,?,00000031), ref: 004017D5
                                                                                                                                                                                                                                                                        • Part of subcall function 004062BA: lstrcpynW.KERNEL32(?,?,00002000,00403460,00472EE0,NSIS Error,?,00000006,00000008,0000000A), ref: 004062C7
                                                                                                                                                                                                                                                                        • Part of subcall function 00405322: lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\,00000000,0042CE00,74DF23A0,?,?,?,?,?,?,?,?,?,0040327A,00000000,?), ref: 0040535A
                                                                                                                                                                                                                                                                        • Part of subcall function 00405322: lstrlenW.KERNEL32(0040327A,Remove folder: C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\,00000000,0042CE00,74DF23A0,?,?,?,?,?,?,?,?,?,0040327A,00000000), ref: 0040536A
                                                                                                                                                                                                                                                                        • Part of subcall function 00405322: lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\,0040327A,0040327A,Remove folder: C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\,00000000,0042CE00,74DF23A0), ref: 0040537D
                                                                                                                                                                                                                                                                        • Part of subcall function 00405322: SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\), ref: 0040538F
                                                                                                                                                                                                                                                                        • Part of subcall function 00405322: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004053B5
                                                                                                                                                                                                                                                                        • Part of subcall function 00405322: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004053CF
                                                                                                                                                                                                                                                                        • Part of subcall function 00405322: SendMessageW.USER32(?,00001013,?,00000000), ref: 004053DD
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Kameta Setup 1.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\nszB3DC.tmp$C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\StdUtils.dll$ExecShellAsUser
                                                                                                                                                                                                                                                                      • API String ID: 1941528284-2358903507
                                                                                                                                                                                                                                                                      • Opcode ID: 84cc1ef8d08a74648e49299eefb5f22073aa957ae4a4092afed5da839c45f715
                                                                                                                                                                                                                                                                      • Instruction ID: c6e8234c1d4b6e0ef99598e998ad36802638a9a190aaa2bd7459f070bf199d51
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 84cc1ef8d08a74648e49299eefb5f22073aa957ae4a4092afed5da839c45f715
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9841B471900514BACF107BA5CD45DAF3A79EF05368F20423FF422B10E1DA3C86919A6E

                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                      control_flow_graph 627 406624-406644 GetSystemDirectoryW 628 406646 627->628 629 406648-40664a 627->629 628->629 630 40665b-40665d 629->630 631 40664c-406655 629->631 633 40665e-406691 wsprintfW LoadLibraryExW 630->633 631->630 632 406657-406659 631->632 632->633
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 0040663B
                                                                                                                                                                                                                                                                      • wsprintfW.USER32 ref: 00406676
                                                                                                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 0040668A
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: DirectoryLibraryLoadSystemwsprintf
• String ID: %s%S.dll$UXTHEME$\

Control-flow Graph (graph not reproduced): first block 403116-40312d; API calls shown: GetTickCount, MulDiv, wsprintfW
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: CountTick$wsprintf
• String ID: ... %d%%

Control-flow Graph (graph not reproduced): first block 401c1f-401c3f; API calls shown: FindWindowExW, SendMessageTimeoutW, SendMessageW
APIs
• SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C8F
• SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CA7
Strings
Memory Dump Source
• Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: MessageSend$Timeout
• String ID: !

Control-flow Graph (graph not reproduced): first block 4023e4-402415; API calls shown: lstrlenW, RegSetValueExW, RegCloseKey
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nszB3DC.tmp,00000023,00000011,00000002), ref: 0040242F
                                                                                                                                                                                                                                                                      • RegSetValueExW.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nszB3DC.tmp,00000000,00000011,00000002), ref: 0040246F
                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nszB3DC.tmp,00000000,00000011,00000002), ref: 00402557
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Kameta Setup 1.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CloseValuelstrlen
                                                                                                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\nszB3DC.tmp
                                                                                                                                                                                                                                                                      • API String ID: 2655323295-1148382729

                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                      control_flow_graph 753 4057f1-40583c CreateDirectoryW 754 405842-40584f GetLastError 753->754 755 40583e-405840 753->755 756 405869-40586b 754->756 757 405851-405865 SetFileSecurityW 754->757 755->756 757->755 758 405867 GetLastError 757->758 758->756
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • CreateDirectoryW.KERNELBASE(?,?,00000000), ref: 00405834
                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00405848
                                                                                                                                                                                                                                                                      • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 0040585D
                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32 ref: 00405867
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Kameta Setup 1.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3449924974-0

                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                      control_flow_graph 759 405c97-405cb2 call 4062ba call 405c3a 764 405cb4-405cb6 759->764 765 405cb8-405cc5 call 40654e 759->765 766 405d10-405d12 764->766 769 405cd5-405cd9 765->769 770 405cc7-405ccd 765->770 772 405cef-405cf8 lstrlenW 769->772 770->764 771 405ccf-405cd3 770->771 771->764 771->769 773 405cfa-405d0e call 405b8f GetFileAttributesW 772->773 774 405cdb-405ce2 call 4065fd 772->774 773->766 779 405ce4-405ce7 774->779 780 405ce9-405cea call 405bdb 774->780 779->764 779->780 780->772
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                        • Part of subcall function 004062BA: lstrcpynW.KERNEL32(?,?,00002000,00403460,00472EE0,NSIS Error,?,00000006,00000008,0000000A), ref: 004062C7
                                                                                                                                                                                                                                                                        • Part of subcall function 00405C3A: CharNextW.USER32(?,?,00464250,?,00405CAE,00464250,00464250,004DF000,?,74DF3420,004059EC,?,004DF000,74DF3420,00000000), ref: 00405C48
                                                                                                                                                                                                                                                                        • Part of subcall function 00405C3A: CharNextW.USER32(00000000), ref: 00405C4D
                                                                                                                                                                                                                                                                        • Part of subcall function 00405C3A: CharNextW.USER32(00000000), ref: 00405C65
                                                                                                                                                                                                                                                                      • lstrlenW.KERNEL32(00464250,00000000,00464250,00464250,004DF000,?,74DF3420,004059EC,?,004DF000,74DF3420,00000000), ref: 00405CF0
                                                                                                                                                                                                                                                                      • GetFileAttributesW.KERNELBASE(00464250,00464250,00464250,00464250,00464250,00464250,00000000,00464250,00464250,004DF000,?,74DF3420,004059EC,?,004DF000,74DF3420), ref: 00405D00
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Kameta Setup 1.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                                                                                                                                                                      • String ID: PBF
                                                                                                                                                                                                                                                                      • API String ID: 3248276644-3456974464
                                                                                                                                                                                                                                                                      • Opcode ID: 1236b3014a845ece28ca986cac263987dd07c4e4a123605a37d0802bd6a8cdf3
                                                                                                                                                                                                                                                                      • Instruction ID: 4e01e145a0ed536ad24acc563e8a85444835dd946e40d448b56664b374cc0476
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1236b3014a845ece28ca986cac263987dd07c4e4a123605a37d0802bd6a8cdf3
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 21F0F43500DF6125F626333A1C45AAF2555CE82328B6A057FFC62B12D2DA3C89539D7E

                                                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                                                      control_flow_graph 782 405ddf-405deb 783 405dec-405e20 GetTickCount GetTempFileNameW 782->783 784 405e22-405e24 783->784 785 405e2f-405e31 783->785 784->783 786 405e26 784->786 787 405e29-405e2c 785->787 786->787
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 00405DFD
                                                                                                                                                                                                                                                                      • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,004CB000,0040338D,004DB000,004DF000,004DF000,004DF000,004DF000,004DF000,74DF3420,004035D9), ref: 00405E18
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Kameta Setup 1.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CountFileNameTempTick
                                                                                                                                                                                                                                                                      • String ID: nsa
                                                                                                                                                                                                                                                                      • API String ID: 1716503409-2209301699
                                                                                                                                                                                                                                                                      • Opcode ID: 579317ece081e1c49d3b274132234632dc0f80c8b4471fc5797a0d742f25062f
                                                                                                                                                                                                                                                                      • Instruction ID: af8b6ba947558e1b0daa3aed001b6e0f80e178ffca66ecedc63f3e0829e9a41e
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 579317ece081e1c49d3b274132234632dc0f80c8b4471fc5797a0d742f25062f
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 61F03076A00304FBEB009F69ED05E9FB7BCEB95710F10803AE941E7250E6B09A548B64
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 0040205D
                                                                                                                                                                                                                                                                        • Part of subcall function 00405322: lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\,00000000,0042CE00,74DF23A0,?,?,?,?,?,?,?,?,?,0040327A,00000000,?), ref: 0040535A
                                                                                                                                                                                                                                                                        • Part of subcall function 00405322: lstrlenW.KERNEL32(0040327A,Remove folder: C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\,00000000,0042CE00,74DF23A0,?,?,?,?,?,?,?,?,?,0040327A,00000000), ref: 0040536A
                                                                                                                                                                                                                                                                        • Part of subcall function 00405322: lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\,0040327A,0040327A,Remove folder: C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\,00000000,0042CE00,74DF23A0), ref: 0040537D
                                                                                                                                                                                                                                                                        • Part of subcall function 00405322: SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\), ref: 0040538F
                                                                                                                                                                                                                                                                        • Part of subcall function 00405322: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004053B5
                                                                                                                                                                                                                                                                        • Part of subcall function 00405322: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004053CF
                                                                                                                                                                                                                                                                        • Part of subcall function 00405322: SendMessageW.USER32(?,00001013,?,00000000), ref: 004053DD
                                                                                                                                                                                                                                                                      • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 0040206E
                                                                                                                                                                                                                                                                      • FreeLibrary.KERNELBASE(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 004020EB
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Kameta Setup 1.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 334405425-0
                                                                                                                                                                                                                                                                      • Opcode ID: 72a5e19f9697d1318c9a310d29b5b60265bfdb2e952e74c10cb73e1909f0eb38
                                                                                                                                                                                                                                                                      • Instruction ID: 3abd81b96889d1c7eb1cceed2e7b5e281284f1a6e6a9a5ff44b88a827c8e1d1c
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 72a5e19f9697d1318c9a310d29b5b60265bfdb2e952e74c10cb73e1909f0eb38
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8821B071D00205AACF20AFA5CE48A9E7A70BF04358F60413BF511B11E0DBBD8981DA6E
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • GlobalFree.KERNELBASE(0069D2C0), ref: 00401BE7
                                                                                                                                                                                                                                                                      • GlobalAlloc.KERNELBASE(00000040,00004004), ref: 00401BF9
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Kameta Setup 1.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Global$AllocFree
                                                                                                                                                                                                                                                                      • String ID: ExecShellAsUser
                                                                                                                                                                                                                                                                      • API String ID: 3394109436-869331269
                                                                                                                                                                                                                                                                      • Opcode ID: 0ee5b69d2cfb3a0a2e0f3aae0319e9b1983c649d140d642359d16bc307d41886
                                                                                                                                                                                                                                                                      • Instruction ID: 2ffc4b8e8b305263ff1bfe934f744a2e7f0909984677ca7ca3d2d917788d1148
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0ee5b69d2cfb3a0a2e0f3aae0319e9b1983c649d140d642359d16bc307d41886
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 52210A76600100ABCB10FF95CE8499E73A8EB48318BA4443FF506F32D0DB78A852DB6D
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                        • Part of subcall function 004065FD: FindFirstFileW.KERNELBASE(004DF000,00468298,00464250,00405CE0,00464250,00464250,00000000,00464250,00464250,004DF000,?,74DF3420,004059EC,?,004DF000,74DF3420), ref: 00406608
                                                                                                                                                                                                                                                                        • Part of subcall function 004065FD: FindClose.KERNELBASE(00000000), ref: 00406614
                                                                                                                                                                                                                                                                      • lstrlenW.KERNEL32 ref: 00402299
                                                                                                                                                                                                                                                                      • lstrlenW.KERNEL32(00000000), ref: 004022A4
                                                                                                                                                                                                                                                                      • SHFileOperationW.SHELL32(?,?,?,00000000), ref: 004022CD
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Kameta Setup 1.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: FileFindlstrlen$CloseFirstOperation
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 1486964399-0
                                                                                                                                                                                                                                                                      • Opcode ID: 29d6f0bed4bd2d50b69dd1226e545e03bb95794d8620927361660d91590f24b0
                                                                                                                                                                                                                                                                      • Instruction ID: edc96df04b91ed766a503f65766f364d086ea8d205cfe5bb15309c141496b913
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 29d6f0bed4bd2d50b69dd1226e545e03bb95794d8620927361660d91590f24b0
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 57117071900318A6DB10EFF98E4999EB7B8AF04344F50443FB805F72D1D6B8C4419B59
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                        • Part of subcall function 00405D8B: GetFileAttributesW.KERNELBASE(?,?,00405990,?,?,00000000,00405B66,?,?,?,?), ref: 00405D90
                                                                                                                                                                                                                                                                        • Part of subcall function 00405D8B: SetFileAttributesW.KERNELBASE(?,00000000), ref: 00405DA4
                                                                                                                                                                                                                                                                      • RemoveDirectoryW.KERNELBASE(?,?,?,00000000,00405B66), ref: 0040599F
                                                                                                                                                                                                                                                                      • DeleteFileW.KERNELBASE(?,?,?,00000000,00405B66), ref: 004059A7
                                                                                                                                                                                                                                                                      • SetFileAttributesW.KERNEL32(?,00000000), ref: 004059BF
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Kameta Setup 1.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: File$Attributes$DeleteDirectoryRemove
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 1655745494-0
                                                                                                                                                                                                                                                                      • Opcode ID: 280825f6b60181aa2d378306bbdc3da53de5ab3d89a200e418c4f7b9ea6af3cc
                                                                                                                                                                                                                                                                      • Instruction ID: 825022a906987a8d14f11fb4079f6fb6242afe5a54bc5f1377d2c32e3c215ab4
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 280825f6b60181aa2d378306bbdc3da53de5ab3d89a200e418c4f7b9ea6af3cc
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D1E0E5B1119F5096D21067349A0CB5B2AA4DF86334F05093AF891F11C0DB3844068EBE
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                        • Part of subcall function 00405C3A: CharNextW.USER32(?,?,00464250,?,00405CAE,00464250,00464250,004DF000,?,74DF3420,004059EC,?,004DF000,74DF3420,00000000), ref: 00405C48
                                                                                                                                                                                                                                                                        • Part of subcall function 00405C3A: CharNextW.USER32(00000000), ref: 00405C4D
                                                                                                                                                                                                                                                                        • Part of subcall function 00405C3A: CharNextW.USER32(00000000), ref: 00405C65
                                                                                                                                                                                                                                                                      • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                                                                                                                                                                                                                                        • Part of subcall function 004057F1: CreateDirectoryW.KERNELBASE(?,?,00000000), ref: 00405834
                                                                                                                                                                                                                                                                      • SetCurrentDirectoryW.KERNELBASE(?,004D3000,?,00000000,000000F0), ref: 0040164D
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Kameta Setup 1.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 1892508949-0
                                                                                                                                                                                                                                                                      • Opcode ID: 125bac33416d21a80fc522b842b933099275dd0dd1ea66691da55d5ffdcd1f5d
                                                                                                                                                                                                                                                                      • Instruction ID: 536d45c59d08a7b21130d9dbd5b0e10796a041e4a40079992e14d28e29d42f71
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 125bac33416d21a80fc522b842b933099275dd0dd1ea66691da55d5ffdcd1f5d
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2211E231504505EBCF30AFA1CD0159F36A0EF14369B28493BFA45B22F1DB3E8A919B5E
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(00000000,00000000,?,?,?,?), ref: 004024B5
                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nszB3DC.tmp,00000000,00000011,00000002), ref: 00402557
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CloseQueryValue
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3356406503-0
                                                                                                                                                                                                                                                                      • Opcode ID: 8c6ae37f0c00b40db9a7f0b8771259aad396ca2ebfe9c6ecab15c5ec5bd387db
                                                                                                                                                                                                                                                                      • Instruction ID: 1206e07bb255176646816810ef0290bee69920d7ecde6c9ccbb84b14c6b4306b
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8c6ae37f0c00b40db9a7f0b8771259aad396ca2ebfe9c6ecab15c5ec5bd387db
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E311A771D10205EBDF14DFA4CA585AE77B4EF44348B20843FE505B72C0D6B89A41EB5E
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000402,00000402,00000000), ref: 004013F4
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: MessageSend
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                      • Opcode ID: be076caaca7df3d109edefedbdc7bfa3a965653d784c315eb79774cf5cfe89e5
                                                                                                                                                                                                                                                                      • Instruction ID: ea42f58d7670a619ed9131e80823b54190387dbc53765a55c310ef4228f9fff3
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: be076caaca7df3d109edefedbdc7bfa3a965653d784c315eb79774cf5cfe89e5
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AF0128316202109BE7095B789E04B2A3798E710315F10463FF855F62F1D6B8CC829B5C
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • OleInitialize.OLE32(00000000), ref: 00405405
                                                                                                                                                                                                                                                                        • Part of subcall function 0040427D: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 0040428F
                                                                                                                                                                                                                                                                      • CoUninitialize.COMBASE(00000404,00000000), ref: 00405451
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: InitializeMessageSendUninitialize
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2896919175-0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • ShowWindow.USER32(00000000,00000000), ref: 00401E67
                                                                                                                                                                                                                                                                      • EnableWindow.USER32(00000000,00000000), ref: 00401E72
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Window$EnableShow
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 1136574915-0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • GetModuleHandleA.KERNEL32(?,00000020,?,00403401,0000000A), ref: 004066A6
                                                                                                                                                                                                                                                                      • GetProcAddress.KERNEL32(00000000,?), ref: 004066C1
                                                                                                                                                                                                                                                                        • Part of subcall function 00406624: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 0040663B
                                                                                                                                                                                                                                                                        • Part of subcall function 00406624: wsprintfW.USER32 ref: 00406676
                                                                                                                                                                                                                                                                        • Part of subcall function 00406624: LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 0040668A
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2547128583-0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • FreeLibrary.KERNELBASE(?,004DF000,00000000,74DF3420,004038ED,00403703,00000006,?,00000006,00000008,0000000A), ref: 0040392F
                                                                                                                                                                                                                                                                      • GlobalFree.KERNEL32(?), ref: 00403936
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Free$GlobalLibrary
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 1100898210-0
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • GetFileAttributesW.KERNELBASE(004E7000,00402F1D,004E7000,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405DB4
                                                                                                                                                                                                                                                                      • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405DD6
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Kameta Setup 1.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: File$AttributesCreate
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 415043291-0
                                                                                                                                                                                                                                                                      • Opcode ID: e3266cf20b616526e148e4639a7b0fb2c73eec3b674a7d239963b130731368bc
                                                                                                                                                                                                                                                                      • Instruction ID: 684cdbd871a87963be1dc25f749e3f1c2e3aca1a790447dc63e6e481d8426dbe
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e3266cf20b616526e148e4639a7b0fb2c73eec3b674a7d239963b130731368bc
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5DD09E31254301AFEF098F20DE16F2EBBA2EB84B05F11552CB786940E0DA7158199B15
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • GetFileAttributesW.KERNELBASE(?,?,00405990,?,?,00000000,00405B66,?,?,?,?), ref: 00405D90
                                                                                                                                                                                                                                                                      • SetFileAttributesW.KERNELBASE(?,00000000), ref: 00405DA4
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Kameta Setup 1.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: AttributesFile
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3188754299-0
                                                                                                                                                                                                                                                                      • Opcode ID: abb1859115452ae29e15aed1e23886b2a100c548e8c413493f0cbd9ae974b18a
                                                                                                                                                                                                                                                                      • Instruction ID: fe430eedc911e7c92ce83e5abbc00e08444bb0e311ec0623c818608bfa408f6d
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: abb1859115452ae29e15aed1e23886b2a100c548e8c413493f0cbd9ae974b18a
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1BD0C972504420ABD2512728AF0C89BBB95DB542717028B39FAA9A22B0CB304C568A98
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • CreateDirectoryW.KERNELBASE(?,00000000,00403382,004DF000,004DF000,004DF000,004DF000,74DF3420,004035D9,?,00000006,00000008,0000000A), ref: 00405874
                                                                                                                                                                                                                                                                      • GetLastError.KERNEL32(?,00000006,00000008,0000000A), ref: 00405882
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Kameta Setup 1.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CreateDirectoryErrorLast
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 1375471231-0
                                                                                                                                                                                                                                                                      • Opcode ID: 5aaa147db34fee021f71137ce00f1128120fffe197b4e0338bd4cd09c611a0b2
                                                                                                                                                                                                                                                                      • Instruction ID: b5712d1dc6f90c91938fb9970759bfac189bcafefc635788875416fd9ee2894b
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5aaa147db34fee021f71137ce00f1128120fffe197b4e0338bd4cd09c611a0b2
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2FC04C712155019ED7546F619F08B277A50EB60781F158839A946E10E0DB348465ED2D
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • RegCreateKeyExW.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402CF2,00000000,?,?), ref: 0040617E
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Kameta Setup 1.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Create
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2289755597-0
                                                                                                                                                                                                                                                                      • Opcode ID: e8292e86e66d8bfc399a73dea3ede4946860b06fd3b50e0b30bb299c90100862
                                                                                                                                                                                                                                                                      • Instruction ID: dcb86bc894ab99bc20e37dc8a6176b737b641c0fdee4176656c7f25b47436c56
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e8292e86e66d8bfc399a73dea3ede4946860b06fd3b50e0b30bb299c90100862
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 75E0E6B2110109BEEF195F50DD0AD7B375DE704304F01452EFA06D4091E6B5AD315634
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,?,?,004032FA,000000FF,00428200,?,00428200,?,?,00000004,00000000), ref: 00405E76
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: FileWrite
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3934441357-0
                                                                                                                                                                                                                                                                      • Opcode ID: 02dc4867d73beddbae7b6aa94ca18310df5187db1130d79069d379e72bcbc858
                                                                                                                                                                                                                                                                      • Instruction ID: 8754e0b6f25d564075f0081c534dd79b85a2df0f0bc88b3642164a4a3ec1e455
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 02dc4867d73beddbae7b6aa94ca18310df5187db1130d79069d379e72bcbc858
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: FDE0B63221065AAFDF109F95DC00AAB7B6CEB052A0F044437FD59E7150D671EA21DAE4
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,?,?,00403344,00000000,00000000,00403168,?,00000004,00000000,00000000,00000000), ref: 00405E47
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: FileRead
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2738559852-0
                                                                                                                                                                                                                                                                      • Opcode ID: 7739e01b11ed9e02f3c754170f73e593db9a2046c62570b976e55369a775b70d
                                                                                                                                                                                                                                                                      • Instruction ID: bd732019988057c431ec21c3a2c50b1292625b962aa4d7912315599e48db2a91
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7739e01b11ed9e02f3c754170f73e593db9a2046c62570b976e55369a775b70d
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A9E08C3220021AABCF20AF54DC00FEB3B6CEB05760F004832FD65E6040E230EA219BE8
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,?,?,?,?,?,004061B5,?,00000000,?,?,Remove folder: ,?), ref: 0040614B
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Open
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 71445658-0
                                                                                                                                                                                                                                                                      • Opcode ID: a8e94fdf895113144ef30ac0413fc9f69bed743b5e5124c6f76e238eb3875bc5
                                                                                                                                                                                                                                                                      • Instruction ID: b908bd292ce434c6339c018d18c1e3bfafdd2f7559b63d477f04a141d62eba1a
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a8e94fdf895113144ef30ac0413fc9f69bed743b5e5124c6f76e238eb3875bc5
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 94D0123214020DFBDF119E909D01FAB775DAB08350F014426FE06A9191D776D530AB14
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • SetDlgItemTextW.USER32(?,?,00000000), ref: 0040424B
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Kameta Setup 1.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ItemText
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3367045223-0
                                                                                                                                                                                                                                                                      • Opcode ID: fbaad98f197721c3337b4145f660dfcccd1462cc21775b0cc75c291dee439915
                                                                                                                                                                                                                                                                      • Instruction ID: 58c8b0ee816a9f079cb4560b894257bfb9dfa06490f5d5235509ae25e2c95a64
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fbaad98f197721c3337b4145f660dfcccd1462cc21775b0cc75c291dee439915
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 79C04C76148300BFD681BB55CC42F1FB79DEF94315F44C52EB59CA11E2C63A84309B26
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000000,00000000,00000000), ref: 0040428F
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Kameta Setup 1.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: MessageSend
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                      • Opcode ID: df53f0ac968c80b2573d185eedc41732bb4466fa0b660203ffcc6a72f8356a2c
                                                                                                                                                                                                                                                                      • Instruction ID: 539d97cecbd0a6245bb22c05259f77f590d4a0b0d5c0f28d123e3a53dcb21da8
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: df53f0ac968c80b2573d185eedc41732bb4466fa0b660203ffcc6a72f8356a2c
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C6C09BB27403007BDE11CB909E49F1777545790740F18447DB348F51E0D6B4D490D61C
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • SetFilePointer.KERNELBASE(?,00000000,00000000,004030A4,?,?,00000006,00000008,0000000A), ref: 00403355
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Kameta Setup 1.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: FilePointer
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 973152223-0
                                                                                                                                                                                                                                                                      • Opcode ID: d5a77a7b91dde00220c09aa0a832f43c90240fc94845358d4caa889c1b96a79f
                                                                                                                                                                                                                                                                      • Instruction ID: c7266a3154837caca095f11e7777f6dda2278cbf6cff4ee7664d3894fc3aa091
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d5a77a7b91dde00220c09aa0a832f43c90240fc94845358d4caa889c1b96a79f
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: ECB01271240300BFDA214F00DF09F057B21AB90700F10C034B348380F086711035EB0D
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000028,?,00000001,00404091), ref: 00404274
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Kameta Setup 1.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: MessageSend
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                      • Opcode ID: 916ba585e608d634958797641490031ceb4b368d387894d1e0aab50b7c43ae9e
                                                                                                                                                                                                                                                                      • Instruction ID: 80b1fa8ab317a3fb83bf0bb9afc1fcb2ede285a6b5c9b7890d3d6fe7da01b763
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 916ba585e608d634958797641490031ceb4b368d387894d1e0aab50b7c43ae9e
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 69B092361C4600AAEE118B50DE49F497A62E7A4702F008138B244640B0CAB200E0DB09
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • KiUserCallbackDispatcher.NTDLL(?,0040402A), ref: 0040425D
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Kameta Setup 1.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CallbackDispatcherUser
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2492992576-0
                                                                                                                                                                                                                                                                      • Opcode ID: ea082ecd867c03a11dfd78164402b3a9c9d6e2ba96aa803d9d5c73deeff3904d
                                                                                                                                                                                                                                                                      • Instruction ID: 6a6b83ba7992c3eb947fe44f0607646ae594aefa1fc7371f7d6a783f6fb0b7b0
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ea082ecd867c03a11dfd78164402b3a9c9d6e2ba96aa803d9d5c73deeff3904d
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4EA002754445019BCF015B50DF098057A61F7A4701B114479B5555103596314860EB19
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(FFFFFFFF,00403703,00000006,?,00000006,00000008,0000000A), ref: 004038DB
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Kameta Setup 1.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CloseHandle
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2962429428-0
                                                                                                                                                                                                                                                                      • Opcode ID: 6cd6e50f5f17456ee504dea1d279a22ffa05636b30f87aa31bf8984a95f31d7c
                                                                                                                                                                                                                                                                      • Instruction ID: f79f1cdd038f729e9031bf35a7c7ad7adb8aafebcc14ea038f42f7e62efb972e
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6cd6e50f5f17456ee504dea1d279a22ffa05636b30f87aa31bf8984a95f31d7c
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 69C0127054070496C1206F759D4F6193E54AB8173BB604776B0B8B10F1C77C4B59595E
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,000003F9), ref: 00404CB6
                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,00000408), ref: 00404CC1
                                                                                                                                                                                                                                                                      • GlobalAlloc.KERNEL32(00000040,?), ref: 00404D0B
                                                                                                                                                                                                                                                                      • LoadBitmapW.USER32(0000006E), ref: 00404D1E
                                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000FC,00405296), ref: 00404D37
                                                                                                                                                                                                                                                                      • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404D4B
                                                                                                                                                                                                                                                                      • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404D5D
                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001109,00000002), ref: 00404D73
                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404D7F
                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404D91
                                                                                                                                                                                                                                                                      • DeleteObject.GDI32(00000000), ref: 00404D94
                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404DBF
                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404DCB
                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404E61
                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 00404E8C
                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404EA0
                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00404ECF
                                                                                                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404EDD
                                                                                                                                                                                                                                                                      • ShowWindow.USER32(?,00000005), ref: 00404EEE
                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404FEB
                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00405050
                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00405065
                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00405089
                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 004050A9
                                                                                                                                                                                                                                                                      • ImageList_Destroy.COMCTL32(?), ref: 004050BE
                                                                                                                                                                                                                                                                      • GlobalFree.KERNEL32(?), ref: 004050CE
                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00405147
                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001102,?,?), ref: 004051F0
                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 004051FF
                                                                                                                                                                                                                                                                      • InvalidateRect.USER32(?,00000000,00000001), ref: 0040521F
                                                                                                                                                                                                                                                                      • ShowWindow.USER32(?,00000000), ref: 0040526D
                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,000003FE), ref: 00405278
                                                                                                                                                                                                                                                                      • ShowWindow.USER32(00000000), ref: 0040527F
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Kameta Setup 1.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                                                                                                      • String ID: $M$N
                                                                                                                                                                                                                                                                      • API String ID: 1638840714-813528018
                                                                                                                                                                                                                                                                      • Opcode ID: 21818fa51d6b588aeca07265a4b81a3a3b935111f3ce34767c97606af49217ff
                                                                                                                                                                                                                                                                      • Instruction ID: 350e9793ba1948ff1935c4af006ad7833f39553502bf8ecbcf91bc97059cc7bb
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 21818fa51d6b588aeca07265a4b81a3a3b935111f3ce34767c97606af49217ff
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4C0281B0900209AFDB10DFA4DD85AAE7BB5FB44314F10417AF614BA2E1C7799D92CF58
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,000003FB), ref: 00404771
                                                                                                                                                                                                                                                                      • SetWindowTextW.USER32(00000000,?), ref: 0040479B
                                                                                                                                                                                                                                                                      • SHBrowseForFolderW.SHELL32(?), ref: 0040484C
                                                                                                                                                                                                                                                                      • CoTaskMemFree.OLE32(00000000), ref: 00404857
                                                                                                                                                                                                                                                                      • lstrcmpiW.KERNEL32(Remove folder: ,00450248,00000000,?,?), ref: 00404889
                                                                                                                                                                                                                                                                      • lstrcatW.KERNEL32(?,Remove folder: ), ref: 00404895
                                                                                                                                                                                                                                                                      • SetDlgItemTextW.USER32(?,000003FB,?), ref: 004048A7
                                                                                                                                                                                                                                                                        • Part of subcall function 00405904: GetDlgItemTextW.USER32(?,?,00002000,004048DE), ref: 00405917
                                                                                                                                                                                                                                                                        • Part of subcall function 0040654E: CharNextW.USER32(?,*?|<>/":,00000000,00000000,004DF000,004DF000,004CB000,0040336A,004DF000,74DF3420,004035D9,?,00000006,00000008,0000000A), ref: 004065B1
                                                                                                                                                                                                                                                                        • Part of subcall function 0040654E: CharNextW.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 004065C0
                                                                                                                                                                                                                                                                        • Part of subcall function 0040654E: CharNextW.USER32(?,00000000,004DF000,004DF000,004CB000,0040336A,004DF000,74DF3420,004035D9,?,00000006,00000008,0000000A), ref: 004065C5
                                                                                                                                                                                                                                                                        • Part of subcall function 0040654E: CharPrevW.USER32(?,?,004DF000,004DF000,004CB000,0040336A,004DF000,74DF3420,004035D9,?,00000006,00000008,0000000A), ref: 004065D8
                                                                                                                                                                                                                                                                      • GetDiskFreeSpaceW.KERNEL32(00440218,?,?,0000040F,?,00440218,00440218,?,00000001,00440218,?,?,000003FB,?), ref: 0040496A
                                                                                                                                                                                                                                                                      • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404985
                                                                                                                                                                                                                                                                        • Part of subcall function 00404ADE: lstrlenW.KERNEL32(00450248,00450248,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404B7F
                                                                                                                                                                                                                                                                        • Part of subcall function 00404ADE: wsprintfW.USER32 ref: 00404B88
                                                                                                                                                                                                                                                                        • Part of subcall function 00404ADE: SetDlgItemTextW.USER32(?,00450248), ref: 00404B9B
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Kameta Setup 1.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                                                                      • String ID: A$Remove folder:
                                                                                                                                                                                                                                                                      • API String ID: 2624150263-1936035403
                                                                                                                                                                                                                                                                      • Opcode ID: d9ff5aa2ff53ffbe0c3723e23dc604a8a31f393e15f5d8e1a009d79f52351d08
                                                                                                                                                                                                                                                                      • Instruction ID: aec38ac33e169681c2ce75898e964705c21f391e9d8eef84a8e49708370a7c65
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d9ff5aa2ff53ffbe0c3723e23dc604a8a31f393e15f5d8e1a009d79f52351d08
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0CA173B1900208ABDB11AFA5CD45AAF77B8EF84314F10847BF605B62D1D77C99418F6D
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 00402877
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Kameta Setup 1.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: FileFindFirst
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 1974802433-0
                                                                                                                                                                                                                                                                      • Opcode ID: 54b460b755f9bf27e46ac1d39a8a1124328dc74cebdc85c095498b08f8838b6a
                                                                                                                                                                                                                                                                      • Instruction ID: 11d43fc069a5ea90b0fea77c2c23c6da8a8dfc92bb9fdb714ff4c9b8b345b962
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 54b460b755f9bf27e46ac1d39a8a1124328dc74cebdc85c095498b08f8838b6a
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9BF08271A14104EFDB00EBA4DA499ADB378EF04314F6045BBF515F21D1DBB45D909B2A
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Kameta Setup 1.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                      • Opcode ID: 9639f9c0007cb4c124acbb6985d7f6f1a05031d6bc3fffd11e08744ca1378656
                                                                                                                                                                                                                                                                      • Instruction ID: 703def0becceeecb9d8561ea32c53bcab4b84ebc773a8a1d0b412cad538f794c
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9639f9c0007cb4c124acbb6985d7f6f1a05031d6bc3fffd11e08744ca1378656
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1EE1797190470ADFDB24CF99C880BAAB7F5FF44305F15852EE497A7291E378AA91CB04
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Kameta Setup 1.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                                                      • Opcode ID: 0e4e8af0329ccb159007ad6c77c0af05cb35f857c46231da8f5d0a1659340364
                                                                                                                                                                                                                                                                      • Instruction ID: 59779062152899835760f0dc2f5c49596223a290c6efd11eddd93cbc7c663e45
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0e4e8af0329ccb159007ad6c77c0af05cb35f857c46231da8f5d0a1659340364
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0FC15831E04219DBDF18CF68C8905EEBBB2BF88314F25866AC85677380D734A942CF95
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 0040448E
                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,000003E8), ref: 004044A2
                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 004044BF
                                                                                                                                                                                                                                                                      • GetSysColor.USER32(?), ref: 004044D0
                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004044DE
                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004044EC
                                                                                                                                                                                                                                                                      • lstrlenW.KERNEL32(?), ref: 004044F1
                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 004044FE
                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 00404513
                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,0000040A), ref: 0040456C
                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000), ref: 00404573
                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,000003E8), ref: 0040459E
                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 004045E1
                                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F02), ref: 004045EF
                                                                                                                                                                                                                                                                      • SetCursor.USER32(00000000), ref: 004045F2
                                                                                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F00), ref: 0040460B
                                                                                                                                                                                                                                                                      • SetCursor.USER32(00000000), ref: 0040460E
                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000111,00000001,00000000), ref: 0040463D
                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000010,00000000,00000000), ref: 0040464F
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Kameta Setup 1.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                                                                                                                                                                                                      • String ID: N$Remove folder: $gC@
                                                                                                                                                                                                                                                                      • API String ID: 3103080414-3559505530
                                                                                                                                                                                                                                                                      • Opcode ID: 96cce4fce431ccadf5917f17b99feddee1f1d895ae547b1ae29d71d99e1dfbb5
                                                                                                                                                                                                                                                                      • Instruction ID: 3402c350d7270d9961c63d8365249516a5ebc70a9ec23ab72cb453283ebd69b0
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 96cce4fce431ccadf5917f17b99feddee1f1d895ae547b1ae29d71d99e1dfbb5
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7761BEB1900209BFDB009F60DD85EAA7B69FB85305F00843AF705B62D0D77D9961CF99
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                                                                                                      • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                                                                                                      • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                                                                                                                                      • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                                                                                                                                                                      • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                                                                                                                                                                                      • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                                                                                                                                                                      • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                                                                                                                                                                                                      • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                                                                                                                                                                      • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                                                                                                                                                                      • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                                                                                                                                                                      • DrawTextW.USER32(00000000,00472EE0,000000FF,00000010,00000820), ref: 00401156
                                                                                                                                                                                                                                                                      • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                                                                                                                                                                      • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                                                                                                                                                                      • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Kameta Setup 1.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                                                                                                      • String ID: F
                                                                                                                                                                                                                                                                      • API String ID: 941294808-1304234792
                                                                                                                                                                                                                                                                      • Opcode ID: bf214f377d6857cb708af565e6f61848071267d92be3f24c40ffd1659e9a65ef
                                                                                                                                                                                                                                                                      • Instruction ID: 4eb8147a30471c2b969484520d7d1b1c24976f3a1718a772f7b725b3b94c1b26
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bf214f377d6857cb708af565e6f61848071267d92be3f24c40ffd1659e9a65ef
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5C418A71800249AFCF058FA5DE459AF7BB9FF44314F00842AF991AA1A0C778D954DFA4
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,004060A1,?,?), ref: 00405F41
                                                                                                                                                                                                                                                                      • GetShortPathNameW.KERNEL32(?,004688E8,00000400), ref: 00405F4A
                                                                                                                                                                                                                                                                        • Part of subcall function 00405D15: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405FFA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D25
                                                                                                                                                                                                                                                                        • Part of subcall function 00405D15: lstrlenA.KERNEL32(00000000,?,00000000,00405FFA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D57
                                                                                                                                                                                                                                                                      • GetShortPathNameW.KERNEL32(?,004690E8,00000400), ref: 00405F67
                                                                                                                                                                                                                                                                      • wsprintfA.USER32 ref: 00405F85
                                                                                                                                                                                                                                                                      • GetFileSize.KERNEL32(00000000,00000000,004690E8,C0000000,00000004,004690E8,?,?,?,?,?), ref: 00405FC0
                                                                                                                                                                                                                                                                      • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405FCF
                                                                                                                                                                                                                                                                      • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406007
                                                                                                                                                                                                                                                                      • SetFilePointer.KERNEL32(0040A560,00000000,00000000,00000000,00000000,004684E8,00000000,-0000000A,0040A560,00000000,[Rename],00000000,00000000,00000000), ref: 0040605D
                                                                                                                                                                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 0040606E
                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00406075
                                                                                                                                                                                                                                                                        • Part of subcall function 00405DB0: GetFileAttributesW.KERNELBASE(004E7000,00402F1D,004E7000,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405DB4
                                                                                                                                                                                                                                                                        • Part of subcall function 00405DB0: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405DD6
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Kameta Setup 1.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                                                                                                                                                                                                      • String ID: %ls=%ls$[Rename]
                                                                                                                                                                                                                                                                      • API String ID: 2171350718-461813615
                                                                                                                                                                                                                                                                      • Opcode ID: b694a888aaf83b7fce4c3b5560ec35c5a1d29ec5cfaa1e3dee45fb0367e4abd5
                                                                                                                                                                                                                                                                      • Instruction ID: 1ccef14564d3a4e3590f6d96bf23d62cdd24cd7414a0bd79904b9c13782922cd
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b694a888aaf83b7fce4c3b5560ec35c5a1d29ec5cfaa1e3dee45fb0367e4abd5
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 08312530641B05BBC220AB659D48F6B3AACDF45744F15003FFA42F72C2EB7C98118AAD
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\,00000000,0042CE00,74DF23A0,?,?,?,?,?,?,?,?,?,0040327A,00000000,?), ref: 0040535A
                                                                                                                                                                                                                                                                      • lstrlenW.KERNEL32(0040327A,Remove folder: C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\,00000000,0042CE00,74DF23A0,?,?,?,?,?,?,?,?,?,0040327A,00000000), ref: 0040536A
                                                                                                                                                                                                                                                                      • lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\,0040327A,0040327A,Remove folder: C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\,00000000,0042CE00,74DF23A0), ref: 0040537D
                                                                                                                                                                                                                                                                      • SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\), ref: 0040538F
                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004053B5
                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004053CF
                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001013,?,00000000), ref: 004053DD
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Kameta Setup 1.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                                                                                                                                                                                      • String ID: Remove folder: C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\
                                                                                                                                                                                                                                                                      • API String ID: 2531174081-1759447992
                                                                                                                                                                                                                                                                      • Opcode ID: 03d69ce82fc4e5908464ead601bb3ac1f64f2a51dd32175340e58c4215b781fb
                                                                                                                                                                                                                                                                      • Instruction ID: c4a8b4fbc7344707c8dcd13f789004ac01d88f238d1262f53b2d1dabcf784db2
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 03d69ce82fc4e5908464ead601bb3ac1f64f2a51dd32175340e58c4215b781fb
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1F21A171900518BBCB11AFA5DD849CFBFB9EF45350F10807AF904B62A0C7B94A80DFA8
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000EB), ref: 004042B5
                                                                                                                                                                                                                                                                      • GetSysColor.USER32(00000000), ref: 004042F3
                                                                                                                                                                                                                                                                      • SetTextColor.GDI32(?,00000000), ref: 004042FF
                                                                                                                                                                                                                                                                      • SetBkMode.GDI32(?,?), ref: 0040430B
                                                                                                                                                                                                                                                                      • GetSysColor.USER32(?), ref: 0040431E
                                                                                                                                                                                                                                                                      • SetBkColor.GDI32(?,?), ref: 0040432E
                                                                                                                                                                                                                                                                      • DeleteObject.GDI32(?), ref: 00404348
                                                                                                                                                                                                                                                                      • CreateBrushIndirect.GDI32(?), ref: 00404352
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Kameta Setup 1.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2320649405-0
                                                                                                                                                                                                                                                                      • Opcode ID: cedac81959eb3ef19a74f908d68e4e703a61b794166ebd5b231b869c6a402091
                                                                                                                                                                                                                                                                      • Instruction ID: a3c6a1d12b74a4a342abaca89036a15a37f51972f1e3113ed1cbee018e9c0b42
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cedac81959eb3ef19a74f908d68e4e703a61b794166ebd5b231b869c6a402091
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 772156716007059BC724DF78D948B5B77F4AF81710B04893DED96A26E0D734E544CB54
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • ReadFile.KERNEL32(?,?,?,?), ref: 004026B6
                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 004026F1
                                                                                                                                                                                                                                                                      • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 00402714
                                                                                                                                                                                                                                                                      • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 0040272A
                                                                                                                                                                                                                                                                        • Part of subcall function 00405E91: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00405EA7
                                                                                                                                                                                                                                                                      • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 004027D6
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Kameta Setup 1.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                                                                                                                                                                                                      • String ID: 9
                                                                                                                                                                                                                                                                      • API String ID: 163830602-2366072709
                                                                                                                                                                                                                                                                      • Opcode ID: 14dc679b194e2ee8669cd1598f353bf1a997ac59cdf020ac1a3b5a5ea93b2031
                                                                                                                                                                                                                                                                      • Instruction ID: 75c70889326ed48cf653b65eedce39ba48716a77e36bbd16e72a3e0392bfe49c
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 14dc679b194e2ee8669cd1598f353bf1a997ac59cdf020ac1a3b5a5ea93b2031
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9C511975D00219AEDF219F95DA88AAEB779FF04304F10443BE901B72D0DBB89982CB58
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404C07
                                                                                                                                                                                                                                                                      • GetMessagePos.USER32 ref: 00404C0F
                                                                                                                                                                                                                                                                      • ScreenToClient.USER32(?,?), ref: 00404C29
                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404C3B
                                                                                                                                                                                                                                                                      • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404C61
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Kameta Setup 1.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Message$Send$ClientScreen
                                                                                                                                                                                                                                                                      • String ID: f
                                                                                                                                                                                                                                                                      • API String ID: 41195575-1993550816
                                                                                                                                                                                                                                                                      • Opcode ID: e2d2d6aa42d138b4bf43a857dc2fb8cfa63f2fbdf5f441295addbf44c9bf4daa
                                                                                                                                                                                                                                                                      • Instruction ID: 457ccdd811883e010b73e4973708530e0d9e00004b69c5e73a61d7a3cd07de8f
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e2d2d6aa42d138b4bf43a857dc2fb8cfa63f2fbdf5f441295addbf44c9bf4daa
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CF015271900218BAEB10DBA4DD85BFEBBBCAF95711F10412BBA50B71D0D7B499018BA4
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • GetDC.USER32(?), ref: 00401DBC
                                                                                                                                                                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401DD6
                                                                                                                                                                                                                                                                      • MulDiv.KERNEL32(00000000,00000000), ref: 00401DDE
                                                                                                                                                                                                                                                                      • ReleaseDC.USER32(?,00000000), ref: 00401DEF
                                                                                                                                                                                                                                                                      • CreateFontIndirectW.GDI32(0041E5D0), ref: 00401E3E
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Kameta Setup 1.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CapsCreateDeviceFontIndirectRelease
                                                                                                                                                                                                                                                                      • String ID: MS Shell Dlg
                                                                                                                                                                                                                                                                      • API String ID: 3808545654-76309092
                                                                                                                                                                                                                                                                      • Opcode ID: 0e1e500c30e805fc948415589c08143fac03f34b0e69f739ebe91b2620e6c296
                                                                                                                                                                                                                                                                      • Instruction ID: 2f87ef527a079fcd98b3174ff93e15f92fad6858fb92d4176ae60913c966d855
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0e1e500c30e805fc948415589c08143fac03f34b0e69f739ebe91b2620e6c296
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1A01B575604240BFE700ABF1AE0ABDD7FB5AB55309F10887DF641B61E2DA7840458B2D
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402E11
                                                                                                                                                                                                                                                                      • MulDiv.KERNEL32(04C11CA8,00000064,04C11CAC), ref: 00402E3C
                                                                                                                                                                                                                                                                      • wsprintfW.USER32 ref: 00402E4C
                                                                                                                                                                                                                                                                      • SetWindowTextW.USER32(?,?), ref: 00402E5C
                                                                                                                                                                                                                                                                      • SetDlgItemTextW.USER32(?,00000406,?), ref: 00402E6E
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      • verifying installer: %d%%, xrefs: 00402E46
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Kameta Setup 1.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                                                                                                      • String ID: verifying installer: %d%%
                                                                                                                                                                                                                                                                      • API String ID: 1451636040-82062127
                                                                                                                                                                                                                                                                      • Opcode ID: 087799c81dd47644162d60d698aafe3a885b0c6ac9c219555e2ca42e9c1670eb
                                                                                                                                                                                                                                                                      • Instruction ID: dfd142ddc65d39fdaa73b229a9921dc7c235b7e072e3123d651e00bd55f03bcf
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 087799c81dd47644162d60d698aafe3a885b0c6ac9c219555e2ca42e9c1670eb
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 60014F7164020CABEF209F60DE49FAE3B69AB44304F008439FA06B51E0DBB895558B98
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000), ref: 00402901
                                                                                                                                                                                                                                                                      • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 0040291D
                                                                                                                                                                                                                                                                      • GlobalFree.KERNEL32(?), ref: 00402956
                                                                                                                                                                                                                                                                      • GlobalFree.KERNEL32(00000000), ref: 00402969
                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,000000F0), ref: 00402981
                                                                                                                                                                                                                                                                      • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000), ref: 00402995
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Kameta Setup 1.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2667972263-0
                                                                                                                                                                                                                                                                      • Opcode ID: ff87bf99e36aab27b6384dee017154e4bdeff7ac382f3b09721b2446f84e6f42
                                                                                                                                                                                                                                                                      • Instruction ID: 85d8fb478e53a7d33050a02afe9876517184a336e4e72b82bbd0c3cba42884f9
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ff87bf99e36aab27b6384dee017154e4bdeff7ac382f3b09721b2446f84e6f42
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D121AEB1800128BBDF116FA5DE89DDE7E79EF08364F14423AF960762E0CB794C418B98
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • CharNextW.USER32(?,*?|<>/":,00000000,00000000,004DF000,004DF000,004CB000,0040336A,004DF000,74DF3420,004035D9,?,00000006,00000008,0000000A), ref: 004065B1
                                                                                                                                                                                                                                                                      • CharNextW.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 004065C0
                                                                                                                                                                                                                                                                      • CharNextW.USER32(?,00000000,004DF000,004DF000,004CB000,0040336A,004DF000,74DF3420,004035D9,?,00000006,00000008,0000000A), ref: 004065C5
                                                                                                                                                                                                                                                                      • CharPrevW.USER32(?,?,004DF000,004DF000,004CB000,0040336A,004DF000,74DF3420,004035D9,?,00000006,00000008,0000000A), ref: 004065D8
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Kameta Setup 1.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Char$Next$Prev
                                                                                                                                                                                                                                                                      • String ID: *?|<>/":
                                                                                                                                                                                                                                                                      • API String ID: 589700163-165019052
                                                                                                                                                                                                                                                                      • Opcode ID: f2dbc7d310367101a7bf5127f564121aa95c210a65fb008c6410ea5a4ac792ac
                                                                                                                                                                                                                                                                      • Instruction ID: 36fae6fd7d65e337959ab81909abbfc549fe516cf0b4c9ff473ab524d2c4c229
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f2dbc7d310367101a7bf5127f564121aa95c210a65fb008c6410ea5a4ac792ac
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B611B65580061279DB302B14BC40EB762F8EF54764F56403FED86732C8EBBC5C9292AD
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • WideCharToMultiByte.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\nszB3DC.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\StdUtils.dll,00002000,?,?,00000021), ref: 004025E8
                                                                                                                                                                                                                                                                      • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\StdUtils.dll,?,?,C:\Users\user\AppData\Local\Temp\nszB3DC.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\StdUtils.dll,00002000,?,?,00000021), ref: 004025F3
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                      • Associated: 00000000.00000002.1923607015.000000000059F000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Kameta Setup 1.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ByteCharMultiWidelstrlen
                                                                                                                                                                                                                                                                      • String ID: C:\Users\user\AppData\Local\Temp\nszB3DC.tmp$C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\StdUtils.dll
                                                                                                                                                                                                                                                                      • API String ID: 3109718747-800205506
                                                                                                                                                                                                                                                                      • Opcode ID: 991fae946bdf019a7c315e2a20c045ecd4589044c4e58f1009f440a7fe048d5b
                                                                                                                                                                                                                                                                      • Instruction ID: b23dc685b5da5394ac89c8ab13f2cbf985e24fd8d9932a4f5164fd221fdd45c5
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 991fae946bdf019a7c315e2a20c045ecd4589044c4e58f1009f440a7fe048d5b
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 76110B72A04201BADB146FF18E89A9F76659F44398F204C3FF102F61D1EAFC89415B5D
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • GetDlgItem.USER32(?,?), ref: 00401D63
                                                                                                                                                                                                                                                                      • GetClientRect.USER32(00000000,?), ref: 00401D70
                                                                                                                                                                                                                                                                      • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 00401D91
                                                                                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 00401D9F
                                                                                                                                                                                                                                                                      • DeleteObject.GDI32(00000000), ref: 00401DAE
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 1849352358-0
                                                                                                                                                                                                                                                                      • Opcode ID: aa13740a01abf0a12383255fbb6bacfc07128faef757ca7dce2eb0223a04ec7c
                                                                                                                                                                                                                                                                      • Instruction ID: d9fd13ec482603559a9c09f77eb5ae76b99fbdc016b4c624d38ebcad95bf5f4c
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: aa13740a01abf0a12383255fbb6bacfc07128faef757ca7dce2eb0223a04ec7c
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 28F0FF72A04518AFDB01DBE4DF88CEEB7BCEB48341B14047AF641F61A0CA749D519B78
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • lstrlenW.KERNEL32(00450248,00450248,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404B7F
                                                                                                                                                                                                                                                                      • wsprintfW.USER32 ref: 00404B88
                                                                                                                                                                                                                                                                      • SetDlgItemTextW.USER32(?,00450248), ref: 00404B9B
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                                                                                                      • String ID: %u.%u%s%s
                                                                                                                                                                                                                                                                      • API String ID: 3540041739-3551169577
                                                                                                                                                                                                                                                                      • Opcode ID: c75ab1504dd8104253bdc04bf71218fd338cad173e8ef5afb4fab122f1cee964
                                                                                                                                                                                                                                                                      • Instruction ID: 65d6ef813479b3ccfd969ec0db039784a4d8c6b5967a53089d3579ec78c560c8
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c75ab1504dd8104253bdc04bf71218fd338cad173e8ef5afb4fab122f1cee964
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 401193736041282ADB00656D9C45F9E369C9B85334F25423BFA65F21D1E979D82582E8
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402DA9
                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,?), ref: 00402DB2
                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,?), ref: 00402DD3
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Close$Enum
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 464197530-0
                                                                                                                                                                                                                                                                      • Opcode ID: 783bf1924eaceae6677feedcc5031a151434ee63f91e097ea153fa5b1c868383
                                                                                                                                                                                                                                                                      • Instruction ID: fc7ade2e12cd9e993d25f9a328d8db16c9603ee1eb20de8c24b8f84b94a82c23
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 783bf1924eaceae6677feedcc5031a151434ee63f91e097ea153fa5b1c868383
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B4116A32500109FBDF02AB90CE09FEE7B7DAF54340F100076B904B51E1E7B59E21AB68
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • DestroyWindow.USER32(00000000,00000000,00403059,00000001,?,00000006,00000008,0000000A), ref: 00402E8C
                                                                                                                                                                                                                                                                      • GetTickCount.KERNEL32 ref: 00402EAA
                                                                                                                                                                                                                                                                      • CreateDialogParamW.USER32(0000006F,00000000,00402DF3,00000000), ref: 00402EC7
                                                                                                                                                                                                                                                                      • ShowWindow.USER32(00000000,00000005,?,00000006,00000008,0000000A), ref: 00402ED5
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Kameta Setup 1.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 2102729457-0
                                                                                                                                                                                                                                                                      • Opcode ID: 924f9f108daf828ee83ef716cb3535c52cefc1d4ff45c1c6af266e6598bfdb86
                                                                                                                                                                                                                                                                      • Instruction ID: 9c0cd9c85579b1f1539786df4f617efd254904ce91a486f6a135d178cfad0ab8
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 924f9f108daf828ee83ef716cb3535c52cefc1d4ff45c1c6af266e6598bfdb86
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7AF05E30485630EBD6506B20FE0CACB7BA5FB84B41B0149BAF005B11E4D7B85880CBDC
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • IsWindowVisible.USER32(?), ref: 004052C5
                                                                                                                                                                                                                                                                      • CallWindowProcW.USER32(?,?,?,?), ref: 00405316
                                                                                                                                                                                                                                                                        • Part of subcall function 0040427D: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 0040428F
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Kameta Setup 1.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 3748168415-3916222277
                                                                                                                                                                                                                                                                      • Opcode ID: 7d5e46cc1e5f02d88c983cfba86e53e431cbed6f21b5100807b47a566b29449e
                                                                                                                                                                                                                                                                      • Instruction ID: 334c9fee3abb3f39d596823d3a3537c7effd0098edc8ca0b3d981ed7cb288a41
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7d5e46cc1e5f02d88c983cfba86e53e431cbed6f21b5100807b47a566b29449e
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F9015A31100709ABEB205F51DD94A9B3B26EB84795F20507AFA007A1D1D7BA9C919E2E
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00004000,00000002,?,00000000,?,?,Remove folder: ,?,?,004063FC,80000002), ref: 004061CE
                                                                                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,?,004063FC,80000002,Software\Microsoft\Windows\CurrentVersion,Remove folder: ,Remove folder: ,Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nszB3DC.tmp\), ref: 004061D9
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Kameta Setup 1.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CloseQueryValue
                                                                                                                                                                                                                                                                      • String ID: Remove folder:
                                                                                                                                                                                                                                                                      • API String ID: 3356406503-1958208860
                                                                                                                                                                                                                                                                      • Opcode ID: caab4bc250bb6a278ef1a8ac262e6d4f4be946af9bdb02c3b8c6b2633afb5ee1
                                                                                                                                                                                                                                                                      • Instruction ID: 8659262355d6ebf2290daf59b07b2549fc881bd87fa0bb5ea6267207f8cb0b09
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: caab4bc250bb6a278ef1a8ac262e6d4f4be946af9bdb02c3b8c6b2633afb5ee1
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 68017C72500209EADF218F51DD09EDB3BB8EF55364F01403AFE16A61A1D378DA64EBA4
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00468250,Error launching installer), ref: 004058CC
                                                                                                                                                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 004058D9
                                                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                                                      • Error launching installer, xrefs: 004058B6
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Kameta Setup 1.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                                                                                      • String ID: Error launching installer
                                                                                                                                                                                                                                                                      • API String ID: 3712363035-66219284
                                                                                                                                                                                                                                                                      • Opcode ID: 63fdd641d1b9510881a379fce0cbff5cab58f1c092c5a17148380fd449a2e826
                                                                                                                                                                                                                                                                      • Instruction ID: 30392a530fa928b09b8412afc6dc4f2cd20664ca8a9f97139eafb5a2ce14b88a
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 63fdd641d1b9510881a379fce0cbff5cab58f1c092c5a17148380fd449a2e826
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 33E09AB5540609BFEB009B64DD05F7B77ACEB04708F508565BD51F2150EB749C148A79
                                                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                                                      • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405FFA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D25
                                                                                                                                                                                                                                                                      • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405D3D
                                                                                                                                                                                                                                                                      • CharNextA.USER32(00000000,?,00000000,00405FFA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D4E
                                                                                                                                                                                                                                                                      • lstrlenA.KERNEL32(00000000,?,00000000,00405FFA,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D57
                                                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1923285885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_400000_Kameta Setup 1.jbxd
                                                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                                                      • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                                                      • API String ID: 190613189-0
                                                                                                                                                                                                                                                                      • Opcode ID: 6db5b03da17fe1faae21ad7e2c869b7ed7bb68520138c246bcc2ad94f2104a67
                                                                                                                                                                                                                                                                      • Instruction ID: cc601e2af81a4130f3690bf6756e9ae730db34a97aa71f580e1783f9e5236296
                                                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6db5b03da17fe1faae21ad7e2c869b7ed7bb68520138c246bcc2ad94f2104a67
                                                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3DF0F631200818FFC7129FA4DD049AFBBA8EF06354B2580BAE840F7211D634DE02AF98